Windows Analysis Report
SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
Analysis ID:1532785
MD5:647a2177841aebe2f1bb1b3767f41287
SHA1:446575615e7fcc9c58fb04cad12909a183a2eb15
SHA256:07c1abb57c4498748c4f1344a786c2c136b82651786ed005d999ecbf6054fb2c
Tags:exe
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:49
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Checks if browser processes are running
Checks if the current machine is a virtual machine (disk enumeration)
Contain functionality to detect virtual machines
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to infect the boot sector
Creates an undocumented autostart registry key
Found direct / indirect Syscall (likely to bypass EDR)
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Writes many files with high entropy
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Binary contains a suspicious time stamp
Changes image file execution options
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Disables exception chain validation (SEHOP)
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
Enables driver privileges
Enables security privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file contains strange resources
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Uses net.exe to stop services
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match
query blbeacon for getting browser version

Classification

  • System is w10x64
  • SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe (PID: 1692 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe" MD5: 647A2177841AEBE2F1BB1B3767F41287)
    • SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp (PID: 1468 cmdline: "C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp" /SL5="$20418,29027361,780800,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe" MD5: 2C94C19646786C4EE5283B02FD8CE5A5)
      • saBSI.exe (PID: 5096 cmdline: "C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US MD5: 143255618462A577DE27286A272584E1)
      • avg_antivirus_free_setup.exe (PID: 4216 cmdline: "C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vSPR52DTrx3KxpPc0dhv7aWFTHVhgXZV8V8wzTGpdpeuHMloNuGAy8EUQEYDzh7hQ MD5: 26816AF65F2A3F1C61FB44C682510C97)
        • avg_antivirus_free_online_setup.exe (PID: 7008 cmdline: "C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vSPR52DTrx3KxpPc0dhv7aWFTHVhgXZV8V8wzTGpdpeuHMloNuGAy8EUQEYDzh7hQ /cookie:mmm_irs_ppi_902_451_o /ga_clientid:aebce588-2047-4838-96b4-2abc3f1c4a20 /edat_dir:C:\Windows\Temp\asw.1b43cf27584cc1f7 MD5: 4DE05BCEF050AB8FA30941A9E3454645)
          • icarus.exe (PID: 4568 cmdline: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\icarus-info.xml /install /silent /ws /psh:92pTu5hvrwhS3vSPR52DTrx3KxpPc0dhv7aWFTHVhgXZV8V8wzTGpdpeuHMloNuGAy8EUQEYDzh7hQ /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.1b43cf27584cc1f7 /track-guid:aebce588-2047-4838-96b4-2abc3f1c4a20 MD5: B178E9C05511563BDF3A5097D9116197)
      • norton_secure_browser_setup.exe (PID: 6200 cmdline: "C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is" MD5: F269C5140CBC0E376CC7354A801DDD16)
        • NortonBrowserUpdateSetup.exe (PID: 6088 cmdline: NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: 2B07E26D3C33CD96FA825695823BBFA7)
          • NortonBrowserUpdate.exe (PID: 1536 cmdline: "C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 5992 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 1980 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 400 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping 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 MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 4544 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{C38FA0B6-3952-4FFA-BC41-35E807C9ED93}" /silent MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
      • CheatEngine75.exe (PID: 2552 cmdline: "C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST MD5: E0F666FE4FF537FB8587CCD215E41E5F)
        • CheatEngine75.tmp (PID: 6516 cmdline: "C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp" /SL5="$10484,26511452,832512,C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST MD5: 9AA2ACD4C96F8BA03BB6C3EA806D806F)
          • net.exe (PID: 4908 cmdline: "net" stop BadlionAntic MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
            • conhost.exe (PID: 6068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • net1.exe (PID: 5684 cmdline: C:\Windows\system32\net1 stop BadlionAntic MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
          • net.exe (PID: 1672 cmdline: "net" stop BadlionAnticheat MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
            • conhost.exe (PID: 6804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • net1.exe (PID: 3856 cmdline: C:\Windows\system32\net1 stop BadlionAnticheat MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
          • sc.exe (PID: 4940 cmdline: "sc" delete BadlionAntic MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
            • conhost.exe (PID: 3676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • sc.exe (PID: 4984 cmdline: "sc" delete BadlionAnticheat MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
            • conhost.exe (PID: 6012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • _setup64.tmp (PID: 316 cmdline: helper 105 0x40C MD5: E4211D6D009757C078A9FAC7FF4F03D4)
            • conhost.exe (PID: 2836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • icacls.exe (PID: 1136 cmdline: "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX) MD5: 48C87E3B3003A2413D6399EA77707F5D)
            • conhost.exe (PID: 4992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • Kernelmoduleunloader.exe (PID: 6928 cmdline: "C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP MD5: 9AF96706762298CF72DF2A74213494C9)
          • windowsrepair.exe (PID: 7144 cmdline: "C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s MD5: 9A4D1B5154194EA0C42EFEBEB73F318F)
          • icacls.exe (PID: 4780 cmdline: "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX) MD5: 48C87E3B3003A2413D6399EA77707F5D)
            • conhost.exe (PID: 5680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Cheat Engine.exe (PID: 1356 cmdline: "C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe" MD5: F921416197C2AE407D53BA5712C3930A)
        • cheatengine-x86_64-SSE4-AVX2.exe (PID: 3564 cmdline: "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe" MD5: 910DE25BD63B5DA521FC0B598920C4EC)
  • NortonBrowserUpdate.exe (PID: 1820 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • NortonBrowserUpdate.exe (PID: 5816 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 5276 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • msiexec.exe (PID: 2084 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • cleanup
No configs have been found
Source: C:\Program Files (x86)\GUT7F2A.tmp
Rule: PlugXStrings
Description: PlugX Identifying Strings
Author: Seth Hardy
Strings:
  • 0x1f88a8:$Dwork: D:\work
  • 0x1fac58:$Dwork: D:\work
  • 0x1faedc:$Dwork: D:\work
  • 0x2019f8:$Dwork: D:\work
  • 0x201ba0:$Dwork: D:\work
  • 0x201d08:$Dwork: D:\work
  • 0x201de0:$Dwork: D:\work
  • 0x202040:$Dwork: D:\work
  • 0x202160:$Dwork: D:\work
  • 0x202280:$Dwork: D:\work
  • 0x202330:$Dwork: D:\work
  • 0x2db910:$Dwork: D:\work
  • 0x2dba38:$Dwork: D:\work
  • 0x2dbba0:$Dwork: D:\work
  • 0x2dbd88:$Dwork: D:\work
  • 0x2dbe78:$Dwork: D:\work
  • 0x2dbff8:$Dwork: D:\work
  • 0x2dc118:$Dwork: D:\work
  • 0x2dc1c8:$Dwork: D:\work
  • 0x4ed054:$Dwork: D:\work
  • 0x4ed0b0:$Dwork: D:\work

System Summary

Source: Process startedAuthor: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: "net" stop BadlionAntic, CommandLine: "net" stop BadlionAntic, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp" /SL5="$10484,26511452,832512,C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST, ParentImage: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp, ParentProcessId: 6516, ParentProcessName: CheatEngine75.tmp, ProcessCommandLine: "net" stop BadlionAntic, ProcessId: 4908, ProcessName: net.exe
Source: Process startedAuthor: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "net" stop BadlionAntic, CommandLine: "net" stop BadlionAntic, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp" /SL5="$10484,26511452,832512,C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST, ParentImage: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp, ParentProcessId: 6516, ParentProcessName: CheatEngine75.tmp, ProcessCommandLine: "net" stop BadlionAntic, ProcessId: 4908, ProcessName: net.exe
No Suricata rule has matched

AV Detection

Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeAvira: detected
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00ED14F0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CryptMsgGetParam,CertFreeCRLContext,CertFreeCRLContext,6_2_00ED14F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00ED17A0 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptQueryObject,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,6_2_00ED17A0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00E85870 GetCurrentProcessId,GetCurrentThreadId,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,UuidCreate,UuidCreate,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,6_2_00E85870
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00E86220 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,6_2_00E86220
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00EBE610 CryptMsgClose,6_2_00EBE610
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00E867B0 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,6_2_00E867B0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00EBEB60 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptQueryObject,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,6_2_00EBEB60
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00EBF150 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertFreeCRLContext,6_2_00EBF150
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00EBF3C0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertGetNameStringW,CertGetNameStringW,CertGetCertificateChain,CertFreeCertificateChain,CertFreeCertificateChain,CertVerifyCertificateChainPolicy,CertFreeCertificateChain,CertFreeCRLContext,CertFreeCRLContext,6_2_00EBF3C0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002BB0E0 CryptDestroyHash,CryptDestroyHash,7_2_002BB0E0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002B9250 CryptGenRandom,GetLastError,__CxxThrowException@8,7_2_002B9250
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002B82F0 CryptDestroyHash,7_2_002B82F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002B9450 CryptCreateHash,CryptDestroyHash,GetLastError,__CxxThrowException@8,7_2_002B9450
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002B8DC0 lstrcatA,CryptAcquireContextA,CryptReleaseContext,GetLastError,__CxxThrowException@8,CryptReleaseContext,7_2_002B8DC0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002B9020 CryptCreateHash,CryptDestroyHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,7_2_002B9020
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002B8260 CryptDestroyHash,7_2_002B8260
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002B9340 CryptGetHashParam,CryptGetHashParam,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,7_2_002B9340
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002B94D0 CryptHashData,GetLastError,__CxxThrowException@8,7_2_002B94D0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002D2660 CryptReleaseContext,7_2_002D2660
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002B8EF0 CryptReleaseContext,7_2_002B8EF0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B57617F LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,8_2_6B57617F
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2169131592.0000000005C7A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_131e23c7-0

Compliance

Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\unins000.dat
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-BFF2E.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-RQRMM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-R4GE2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-72BU9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-IV0NK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-N38VJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-KIRLN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-FQGBJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-HGJT7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win32
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win32\is-TQQAG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win64
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win64\is-CL9N5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win32\is-AHB9O.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win64\is-UF26U.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win32\is-E37Q3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win64\is-0FB03.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-2U6TF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-FBMCH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-I2V54.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-JFS2A.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-KL9VH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-PSA9P.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-7QPMC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-BTJJH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-75TSL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-5I4UE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-NOICI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-PKGDH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-UDKLJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-4POE7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-FMRQF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-J47E1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-PGEV4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-KK00S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-VPM6Q.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-RVHMQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-16220.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-ANU26.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-UO5CC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-GCQDJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-FBTQU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\tcclib
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\tcclib\lib
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\tcclib\lib\is-1DQ1T.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\tcclib\is-336PT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\tcclib\is-P7CS5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\tcclib\is-1CIQN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-OIUJN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-6P7I3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-K22G7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-EBO62.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-BMNFF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-IMQBP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-2QGRI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-37HLN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-40FGR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-NKDHL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\include\is-UDNJT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-HTFR3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-DS7TE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-QF79C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\Properties
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\Properties\is-8KF69.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\is-RNLT1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-22RE5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-R9IVV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-KPS6A.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-I9J88.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-APRT7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-J6PU7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-HHLSI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-1S6IF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-LRQNB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-HGB3S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-M2V7O.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-C9MLF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-8THT9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-P70KL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-BDIQL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-NS0EV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-Q6A3Q.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-2RTOA.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\unins000.msg
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\server.txt
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cheat Engine_is1
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeStatic PE information: certificate valid
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2119267137.0000000005A11000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 0000000A.00000002.2916761731.0000000005280000.00000002.00000001.00040000.00000013.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000000.2073108624.00000000003B5000.00000002.00000001.01000000.00000013.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000002.2906558496.00000000003B5000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\work\3db0bf373ac3fc9b\Release Midex\Midex.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\7c64e6304ba228bc\Plugins\nsJSON.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2929146264.000000006E6E6000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2231287231.0000000005DF0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\ed1c64258fb55966\build\Release\thirdparty.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2927493989.000000006B48E000.00000002.00000001.01000000.00000017.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdba source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2169131592.0000000005C7A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb@ source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2266836472.0000000005B10000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000006.00000000.2023314090.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: goopdateres_unsigned_am.pdb source: NortonBrowserUpdateSetup.exe, 0000001B.00000003.2197020441.0000000004380000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb[ source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.0000000003090000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: added an option to skip loading .PDB files source: CheatEngine75.exe, 00000009.00000003.2293089149.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2073488082.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2272556530.00000000035E3000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2277553220.0000000000945000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2274364063.0000000002437000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2086887281.00000000034C0000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2272972396.00000000037B1000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2266836472.0000000005B10000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\9bf849bab5260311\Plugins\Release_Mini\StdUtils.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2927789642.000000006B4C3000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\work\c6a7e165ce7a986c\Unicode\Plugins\inetc.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\f369f300b8043bce\plugins\src\jsis\build\Release Unicode\jsis.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2928748307.000000006B722000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2303629445.0000000005BDF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2169131592.0000000005C7A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 00000007.00000000.2039583551.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\work\893f00f663353e48\bin\x86\MinSizeRel\JsisPlugins.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2928263661.000000006B66E000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.0000000003090000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\21e9bc5e69dd57f1\build\Release Unicode\jsisdl.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\System32\msiexec.exeFile opened: z:
Source: C:\Windows\System32\msiexec.exeFile opened: x:
Source: C:\Windows\System32\msiexec.exeFile opened: v:
Source: C:\Windows\System32\msiexec.exeFile opened: t:
Source: C:\Windows\System32\msiexec.exeFile opened: r:
Source: C:\Windows\System32\msiexec.exeFile opened: p:
Source: C:\Windows\System32\msiexec.exeFile opened: n:
Source: C:\Windows\System32\msiexec.exeFile opened: l:
Source: C:\Windows\System32\msiexec.exeFile opened: j:
Source: C:\Windows\System32\msiexec.exeFile opened: h:
Source: C:\Windows\System32\msiexec.exeFile opened: f:
Source: C:\Windows\System32\msiexec.exeFile opened: b:
Source: C:\Windows\System32\msiexec.exeFile opened: y:
Source: C:\Windows\System32\msiexec.exeFile opened: w:
Source: C:\Windows\System32\msiexec.exeFile opened: u:
Source: C:\Windows\System32\msiexec.exeFile opened: s:
Source: C:\Windows\System32\msiexec.exeFile opened: q:
Source: C:\Windows\System32\msiexec.exeFile opened: o:
Source: C:\Windows\System32\msiexec.exeFile opened: m:
Source: C:\Windows\System32\msiexec.exeFile opened: k:
Source: C:\Windows\System32\msiexec.exeFile opened: i:
Source: C:\Windows\System32\msiexec.exeFile opened: g:
Source: C:\Windows\System32\msiexec.exeFile opened: e:
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile opened: c:
Source: C:\Windows\System32\msiexec.exeFile opened: a:
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00F09BF0 FindFirstFileExW,6_2_00F09BF0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002CA4B5 FindFirstFileExW,7_2_002CA4B5
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,8_2_00405B6C
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_004028D5 FindFirstFileW,8_2_004028D5
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_0040679D FindFirstFileW,FindClose,8_2_0040679D
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B48906B FindFirstFileExA,8_2_6B48906B
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4C0DC6 FindFirstFileExW,8_2_6B4C0DC6
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B551A80 FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,8_2_6B551A80
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B551AA0 FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,8_2_6B551AA0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B717010 lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrlenW,lstrcpyW,FindNextFileW,FindClose,8_2_6B717010
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile opened: C:\Users\user
Source: Joe Sandbox View IP Address: 34.117.223.223
Source: Joe Sandbox View IP Address: 1.1.1.1
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B7191E0 lstrlenW,HttpQueryInfoW,GlobalAlloc,GlobalAlloc,GlobalAlloc,lstrlenW,CreateFileW,GetLastError,InternetReadFile,lstrcpynA,WriteFile,InternetReadFile,GetLastError,InternetQueryOptionW,InternetQueryOptionW,InternetQueryOptionW,wsprintfW,GetLastError,MultiByteToWideChar,GetLastError,wsprintfW,GlobalFree,CloseHandle,DeleteFileW,8_2_6B7191E0
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.0000000003090000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s:%d;https=https://%s:%dContent-EncodingHTTP/1.0deflate:
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2231287231.0000000005DF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s:%d;https=https://%s:%dHTTP/1.0
Source: norton_secure_browser_setup.exe, 00000008.00000002.2925360499.0000000003E40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCer
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1644245040.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1646629301.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2056993954.0000000006793000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2036857006.0000000006335000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035E0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2466655812.0000000005E08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2551509916.0000000005C97000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2434817550.0000000005CEB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2625691931.000000000606E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.00000000035E8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460196505.0000000005E09000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.00000000035E8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.00000000035E8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2459893307.0000000005E08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2438190565.00000000035E8000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000003.2181441906.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.0000000003090000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 
00000008.00000003.2181550576.0000000004B6B000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2927200408.0000000004B6C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2906202688.000000000040A000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2056993954.0000000006793000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000003.2181441906.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.0000000003090000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2913461415.000000000083E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2906202688.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2925360499.0000000003E40000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000001B.00000003.2197020441.0000000004380000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crt0
Source: avg_antivirus_free_setup.exe, 00000007.00000003.2068947344.0000000004911000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000002.2916761731.0000000005280000.00000002.00000001.00040000.00000013.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2169131592.0000000005C7A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2119267137.0000000005A11000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2266836472.0000000005B10000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2303629445.0000000005BDF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2231287231.0000000005DF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1644245040.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1646629301.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2056993954.0000000006793000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2036857006.0000000006335000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035E0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2466655812.0000000005E08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2551890527.0000000005E09000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2434817550.0000000005CEB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2459893307.0000000005E08000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000003.2181441906.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.0000000003090000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000003.2181550576.0000000004B6B000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2906202688.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2925360499.0000000003E40000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2925360499.0000000003E13000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 
00000008.00000003.2181550576.0000000004B6B000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2927200408.0000000004B6C000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2906202688.000000000040A000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1644245040.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1646629301.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2056993954.0000000006793000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2036857006.0000000006335000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035E0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2466655812.0000000005E08000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2551890527.0000000005E09000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2434817550.0000000005CEB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2459893307.0000000005E08000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000003.2181441906.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.0000000003090000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000003.2181550576.0000000004B6B000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2906202688.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2925360499.0000000003E40000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2925360499.0000000003E13000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 
0000001B.00000003.2197020441.0000000004380000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2537109725.000000000018E000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2077804990.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2075868357.00000000024C8000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000002.2288361412.000000000018F000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2537109725.000000000018E000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2036857006.0000000006335000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2438190565.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035CB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2434817550.0000000005CEB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460196505.0000000005E09000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2459893307.0000000005E08000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2077804990.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2075868357.00000000024C8000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2537109725.000000000018E000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2036857006.0000000006335000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035CB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2453533840.000000000363B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2434817550.0000000005CEB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460196505.0000000005E09000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.000000000363B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2459893307.0000000005E08000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2077804990.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2075868357.00000000024C8000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000002.2288361412.000000000018F000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: CheatEngine75.exe, 00000009.00000003.2077804990.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2075868357.00000000024C8000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2537109725.000000000018E000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2077804990.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2075868357.00000000024C8000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1644245040.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1646629301.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000003.2068947344.0000000004911000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000002.2916761731.0000000005280000.00000002.00000001.00040000.00000013.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2169131592.0000000005C7A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2119267137.0000000005A11000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2266836472.0000000005B10000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2303629445.0000000005BDF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2231287231.0000000005DF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2537109725.000000000018E000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2077804990.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2075868357.00000000024C8000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000002.2288361412.000000000018F000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2537109725.000000000018E000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2077804990.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2075868357.00000000024C8000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000002.2288361412.000000000018F000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://push.ff.avast.com
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2537109725.000000000018E000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2036857006.0000000006335000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2438190565.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035CB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2434817550.0000000005CEB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460196505.0000000005E09000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2459893307.0000000005E08000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2077804990.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2075868357.00000000024C8000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2537109725.000000000018E000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2036857006.0000000006335000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035CB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2453533840.000000000363B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2434817550.0000000005CEB000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460196505.0000000005E09000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.000000000363B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2459893307.0000000005E08000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2077804990.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2075868357.00000000024C8000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000002.2288361412.000000000018F000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2537109725.000000000018E000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2077804990.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2075868357.00000000024C8000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000002.2288361412.000000000018F000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2537109725.000000000018E000.00000004.00000010.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2077804990.000000007FE24000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2075868357.00000000024C8000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.sb.avast.com/V1/MD/
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.sb.avast.com/V1/PD/
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t2.symcb.com0
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tl.symcb.com/tl.crl0
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tl.symcb.com/tl.crt0
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tl.symcd.com0&
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: avg_antivirus_free_setup.exe, 00000007.00000002.2909259904.0000000004878000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000002.2910047309.00000000048B0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000003.2676200288.00000000048AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/
Source: avg_antivirus_free_setup.exe, 00000007.00000002.2909259904.0000000004878000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/:
Source: avg_antivirus_free_setup.exe, 00000007.00000003.2676690940.00000000048D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
Source: avg_antivirus_free_setup.exe, 00000007.00000003.2075303592.0000000004921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/u
Source: avg_antivirus_free_setup.exe, 00000007.00000003.2676387339.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000002.2910400838.00000000048C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com:80/cgi-bin/iavsevents.cgi
Source: CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://wiki.lazarus.freepascal.org/fpvectorial)
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wtu.d.avcdn.net/avg/wtu/95b029cd737ea13a32d791d4e211fde568448486e62646a07992c7e57969ecf0/WTUI
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wtu.d.avcdn.net/avg/wtu/95b029cd737ea13a32d791d4e211fde568448486e62646a07992c7e57969ecf0/wtu.
Source: avg_antivirus_free_setup.exe, 00000007.00000003.2068947344.0000000004911000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000002.2916761731.0000000005280000.00000002.00000001.00040000.00000013.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2169131592.0000000005C7A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2119267137.0000000005A11000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2266836472.0000000005B10000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2303629445.0000000005BDF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2231287231.0000000005DF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avast.com0/
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2056993954.0000000006793000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000003.2068947344.0000000004911000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000003.2181441906.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.0000000003090000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2913461415.000000000083E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2906202688.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2925360499.0000000003E40000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000002.2916761731.0000000005280000.00000002.00000001.00040000.00000013.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2169131592.0000000005C7A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2119267137.0000000005A11000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2266836472.0000000005B10000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2303629445.0000000005BDF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2231287231.0000000005DF0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000001B.00000003.2197020441.0000000004380000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.2572336539.0000000002276000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1640936924.00000000025D0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1650100849.0000000003460000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2566496525.0000000007586000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
Source: avg_antivirus_free_setup.exe, 00000007.00000003.2676387339.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000003.2676889305.00000000048EA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000002.2911494066.00000000048EB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000003.2676690940.00000000048D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/
Source: avg_antivirus_free_setup.exe, 00000007.00000003.2676387339.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000003.2676889305.00000000048EA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000002.2911494066.00000000048EB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000003.2676690940.00000000048D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect
Source: avg_antivirus_free_setup.exe, 00000007.00000002.2909259904.0000000004878000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collectmr
Source: avg_antivirus_free_setup.exe, 00000007.00000003.2676387339.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000003.2676889305.00000000048EA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000002.2911494066.00000000048EB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000003.2676690940.00000000048D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/g
Source: avg_antivirus_free_setup.exe, 00000007.00000003.2676387339.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000003.2676889305.00000000048EA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000002.2911494066.00000000048EB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000003.2676690940.00000000048D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/i
Source: avg_antivirus_free_setup.exe, 00000007.00000003.2676387339.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000003.2676889305.00000000048EA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000002.2911494066.00000000048EB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000003.2676690940.00000000048D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/s
Source: avg_antivirus_free_setup.exe, 00000007.00000003.2676387339.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000002.2910400838.00000000048C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com:80/collect
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2036857006.0000000006335000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035E0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2434817550.0000000005CEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mcafee.com
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2231287231.0000000005DF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2231287231.0000000005DF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDllDELETEPUTCONNECTTRACECOPYLOCKMKCOLMOVEPROPFINDPROPPATCHSEARCHUNLOCKBI
Source: norton_secure_browser_setup.exe, 00000008.00000002.2917141259.0000000002776000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://%HOST_PREFIX%installer.norton.securebrowser.com/policies/license/?l=%LOCALE%licenseAgreement
Source: norton_secure_browser_setup.exe, 00000008.00000002.2917141259.0000000002776000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://%HOST_PREFIX%installer.norton.securebrowser.com/policies/privacy/?l=%LOCALE%privacyPolicyLin
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2262283667.000000000329D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2351707368.00000000032D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000002.2910483130.000000000329D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2261748478.0000000003279000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/ec6a/b4f0/e8de/ec6ab4f0e8de9de8a8c3073baba01c0bdc941f0b50742c666b1
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000002.2910483130.0000000003226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net:443/defs/avg-av/release.xml.lzmaUQEYDzh7hQ
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000002.2910483130.0000000003226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net:443/universe/3a9b/c34b/6b2c/3a9bc34b6b2c36180dca72e2d1c706269d1501ebd9b2c37
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000002.2910483130.0000000003226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net:443/universe/ba37/d394/2a9c/ba37d3942a9c593900b99a86c846013422428366dc42dc3
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2301315155.000000000329D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.netG
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com/inAvastium
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avg.com
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://identityprotection.avg.com
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000000.1640407598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, CheatEngine75.exe, 00000009.00000000.2072114833.000000000040E000.00000020.00000001.01000000.00000012.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: norton_secure_browser_setup.exe, 00000008.00000002.2913461415.000000000086A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: norton_secure_browser_setup.exe, 00000008.00000003.2120972719.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2913461415.000000000086A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: norton_secure_browser_setup.exe, 00000008.00000002.2913461415.000000000086A000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000003.2135463811.0000000003E13000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000003.2121948243.0000000003E13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.com
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2303629445.0000000005BDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packet-responder.ff.avast.com:8443Vaar-VersionVaar-Header-Content-Type0application/jsonFaile
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pair.ff.avast.com
Source: norton_secure_browser_setup.exe, 00000008.00000002.2913461415.0000000000879000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.googl
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://prod1-fe-basic-auth-breach.prod.aws.lifelock.com
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.0000000000835000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/policies
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.000000000084C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2542404299.0000000000854000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.0000000000835000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/policiest
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-nuistatic.avcdn.net/nui/avg/1.0.756/updatefile.json
Source: saBSI.exe, 00000006.00000003.2115665410.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2120071037.00000000035EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.co
Source: saBSI.exe, 00000006.00000002.2616174087.000000000358E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.co5-
Source: saBSI.exe, 00000006.00000003.2120071037.00000000035EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/
Source: saBSI.exe, 00000006.00000003.2093851092.00000000035EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/b
Source: saBSI.exe, 00000006.00000002.2616174087.000000000358E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/S4
Source: saBSI.exeString found in binary or memory: https://sadownload.mcafee.com/products/SA/
Source: saBSI.exe, 00000006.00000003.2453533840.000000000363B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2115590845.0000000003642000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2092832631.0000000003641000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.000000000363B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml
Source: saBSI.exe, 00000006.00000003.2453533840.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2115590845.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2601645634.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.0000000003657000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml/
Source: saBSI.exe, 00000006.00000003.2453533840.000000000363B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2115590845.0000000003642000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2092832631.0000000003641000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.000000000363B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml
Source: saBSI.exe, 00000006.00000003.2453533840.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2115590845.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2601645634.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.0000000003657000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/
Source: saBSI.exe, 00000006.00000003.2437112418.000000000363B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml
Source: saBSI.exe, 00000006.00000003.2121317210.000000000365F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/
Source: saBSI.exe, 00000006.00000003.2552127114.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.000000000363B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml
Source: saBSI.exe, 00000006.00000003.2453533840.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2115590845.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2601645634.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.0000000003657000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml/
Source: saBSI.exe, 00000006.00000002.2616174087.000000000358E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml7_)Y
Source: saBSI.exe, 00000006.00000003.2453533840.000000000363B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.000000000363B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xmlF
Source: saBSI.exe, 00000006.00000003.2453533840.000000000363B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2115590845.0000000003642000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2092832631.0000000003641000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.000000000363B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml
Source: saBSI.exe, 00000006.00000003.2453533840.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2115590845.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2601645634.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.0000000003657000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/
Source: saBSI.exe, 00000006.00000003.2436222904.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2115590845.0000000003642000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600499936.0000000005BF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2092832631.0000000003641000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2601189192.0000000005BF2000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2235464437.0000000005BF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.000000000363B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml
Source: saBSI.exe, 00000006.00000003.2453533840.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2115590845.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2235464437.0000000005C06000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2601645634.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2599785109.0000000005C06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml/
Source: saBSI.exe, saBSI.exe, 00000006.00000003.2093851092.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000000.2023314090.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xml
Source: saBSI.exe, 00000006.00000003.2438190565.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2093851092.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2078388708.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2115665410.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2120071037.00000000035EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xml.DLL
Source: saBSI.exe, 00000006.00000003.2093851092.00000000035EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xmll
Source: saBSI.exe, 00000006.00000003.2115665410.00000000035EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xm
Source: saBSI.exe, 00000006.00000003.2120071037.00000000035EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml
Source: saBSI.exe, 00000006.00000003.2453533840.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2115590845.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2601645634.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.0000000003657000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml/
Source: saBSI.exe, 00000006.00000003.2115665410.00000000035E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xmlrted
Source: saBSI.exe, 00000006.00000000.2023314090.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/UPDATER_VERSIONaffidosplatSELF_UPDATE_ALLOWEDMAIN_XMLSTORE
Source: saBSI.exe, 00000006.00000002.2616174087.000000000358E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json
Source: saBSI.exe, 00000006.00000003.2438190565.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/p
Source: saBSI.exe, 00000006.00000003.2600499936.0000000005BF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2235464437.0000000005BF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2623979179.0000000005BF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi
Source: saBSI.exe, 00000006.00000003.2235464437.0000000005C06000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2599785109.0000000005C06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/
Source: saBSI.exe, 00000006.00000003.2453533840.000000000363B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2115590845.0000000003642000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2092832631.0000000003641000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.000000000363B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml
Source: saBSI.exe, 00000006.00000003.2453533840.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2115590845.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2601645634.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.0000000003657000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml/
Source: saBSI.exe, 00000006.00000003.2438190565.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.00000000035EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xmlnload.mcafee.com
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2555273137.0000000005010000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2561618911.0000000006770000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/exe
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2561618911.0000000006770000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/exeWAp
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2561618911.0000000006770000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/yB
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2566496525.0000000007561000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/p
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2566496525.0000000007561000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/pr
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2555273137.00000000050A8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2542404299.0000000000831000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2566496525.00000000074E0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2547608857.00000000024D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2555273137.00000000050A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/#
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.c
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.co
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computers
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computersI
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.000000000081C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2542404299.0000000000823000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computersd
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.0000000000835000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/privacy
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com~L
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2542404299.0000000000834000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.0000000000835000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.000000000082E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/common/termsofservice-v1
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.000000000081C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2542404299.0000000000823000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/privacy-policy
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.000000000086B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.000000000084C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.0000000000835000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/legal/customer-privacy-policy
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1644245040.0000000002710000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1646629301.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000000.1648123468.0000000000401000.00000020.00000001.01000000.00000004.sdmp, CheatEngine75.exe, 00000009.00000003.2075868357.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2077804990.000000007FB30000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000000.2081270018.0000000000401000.00000020.00000001.01000000.00000016.sdmpString found in binary or memory: https://www.remobjects.com/ps
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/cps0/
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/repository0W
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.000000000081C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.winzip.com/win/en/eula.html
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.000000000081C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2542404299.0000000000823000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.winzip.com/win/en/privacy.html#
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 8_2_00405601 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

E-Banking Fraud

Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: lstrcpyW,lstrcpyW,lstrcmpW,lstrcpyW,lstrlenW,lstrcpyW,GetFileAttributesW,CreateFileW,GetFileSize,GlobalAlloc,ReadFile,MultiByteToWideChar,GlobalAlloc,MultiByteToWideChar,GlobalFree,CloseHandle,StrStrW,StrStrW,StrStrW,StrStrW,GlobalAlloc,lstrcpynW,GlobalFree,CloseHandle,GlobalFree, \SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppxManifest.xml 8_2_6B482050
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp File created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exe entropy: 7.9934109544
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp File created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0 (copy) entropy: 7.99597518735
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp File created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1 (copy) entropy: 7.99668482326
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp File created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2 (copy) entropy: 7.99994992874
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp File created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0.zip (copy) entropy: 7.99597518735
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp File created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1.zip (copy) entropy: 7.99668482326
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp File created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2.zip (copy) entropy: 7.99994992874
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe File created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\installer.exe entropy: 7.99155381417
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\6c4ecc2e-228f-48c2-ab14-fb091aa0edf4 entropy: 7.99988874548
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\e088cdd7-929e-4b5a-b532-74b6a7a8f605 entropy: 7.99867427042
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\482aad38-cfc0-46e2-a327-1a45c191b5bf entropy: 7.99995735727
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\setupui.cont entropy: 7.99950093996
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\af28a54b-4928-4a10-ada1-9dc7ec0f8ba9 entropy: 7.99951440014
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\ede2c28e-ba2a-4c13-92ac-ce68045195ae entropy: 7.99983248956
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe File created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\4735a029-12aa-4d80-8a98-d2adaa6b7209 entropy: 7.99994482497
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp File created: C:\Program Files\Cheat Engine 7.5\tiny.cepack (copy) entropy: 7.99400748427
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp File created: C:\Program Files\Cheat Engine 7.5\standalonephase1.cepack (copy) entropy: 7.99178449569
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp File created: C:\Program Files\Cheat Engine 7.5\standalonephase2.cepack (copy) entropy: 7.99243682541
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp File created: C:\Program Files\Cheat Engine 7.5\dbk32.cepack (copy) entropy: 7.99403851023
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp File created: C:\Program Files\Cheat Engine 7.5\dbk64.cepack (copy) entropy: 7.9956449907
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp File created: C:\Program Files\Cheat Engine 7.5\Tutorial-i386.cepack (copy) entropy: 7.99553499082
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe File created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\setupui.cont entropy: 7.99950093996
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe File created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av-vps\icarus_product.dll.lzma entropy: 7.99938660973
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe File created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av-vps\icarus_rvrt.exe.lzma entropy: 7.99302035975
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe File created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\icarus_product.dll.lzma entropy: 7.99988284299
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe File created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\icarus_rvrt.exe.lzma entropy: 7.99302035975
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe File created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\aswOfferTool.exe.lzma entropy: 7.99977539515

System Summary

Source: C:\Program Files (x86)\GUT7F2A.tmp, type: DROPPED, Matched rule: PlugX Identifying Strings, Author: Seth Hardy
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe Code function: 6_2_00E86220: GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 8_2_6B719B40 GetFileAttributesW,CloseHandle,lstrlenW,lstrlenW,lstrlenW,GetFileAttributesW,CloseHandle,GlobalAlloc,CloseHandle,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,lstrcpyW,GlobalAlloc,CloseHandle,lstrcpyW,lstrcpyW,lstrlenW,lstrcpyW,lstrcpyW,WTSGetActiveConsoleSessionId,CloseHandle,LoadLibraryW,LoadLibraryW,CloseHandle,LoadLibraryW,CloseHandle,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,DuplicateTokenEx,GetTokenInformation,GetTokenInformation,GetTokenInformation,CloseHandle,CreateProcessAsUserW,CloseHandle,CloseHandle,ShellExecuteExW,CloseHandle,CloseHandle,CreateProcessW,CloseHandle,AllowSetForegroundWindow,GlobalFree,CloseHandle,CloseHandle
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: 8_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Caches
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\47b85a.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{469D3039-E8BB-40CB-9989-158443EEA4EB}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB9C1.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\47b85d.msi
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\47b85d.msi
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4AE7908_2_6B4AE790
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4B36C38_2_6B4B36C3
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4A46E28_2_6B4A46E2
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4B8D2E8_2_6B4B8D2E
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4BD5808_2_6B4BD580
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4BA59D8_2_6B4BA59D
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4BDDAC8_2_6B4BDDAC
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4A944B8_2_6B4A944B
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4BA47D8_2_6B4BA47D
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4A1C868_2_6B4A1C86
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B526AF08_2_6B526AF0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B62A8CF8_2_6B62A8CF
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4FE75B8_2_6B4FE75B
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B62A7EA8_2_6B62A7EA
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B51A44A8_2_6B51A44A
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B62A4EC8_2_6B62A4EC
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4F336A8_2_6B4F336A
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B5DB3B08_2_6B5DB3B0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B62F1D78_2_6B62F1D7
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B5C0A8E8_2_6B5C0A8E
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B62C86F8_2_6B62C86F
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4F5B9D8_2_6B4F5B9D
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4F5A598_2_6B4F5A59
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4F58F98_2_6B4F58F9
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B62DF068_2_6B62DF06
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B61DE248_2_6B61DE24
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4FDEEF8_2_6B4FDEEF
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B521EF48_2_6B521EF4
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4F5DC18_2_6B4F5DC1
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4F9C748_2_6B4F9C74
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4F93278_2_6B4F9327
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B57D38B8_2_6B57D38B
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B6491408_2_6B649140
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B7197308_2_6B719730
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6E6E2F078_2_6E6E2F07
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess token adjusted: Load Driver
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess token adjusted: Security
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: norton_secure_browser_setup.exe.2.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.2.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: installer.exe.6.drStatic PE information: Resource name: PAYLOAD type: Microsoft Cabinet archive data, many, 24653488 bytes, 137 files, at 0x2c +A "analyticsmanager.cab" +A "analyticstelemetry.cab", number 1, 895 datablocks, 0x1 compression
Source: sciterui.dll.8.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: CheatEngine75.tmp.9.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-BFF2E.tmp.11.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: sciterui.dll.8.drStatic PE information: No import functions for PE file found
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000000.1640525549.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1644245040.0000000002710000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.1646629301.000000007FB60000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe, 00000000.00000003.2572336539.0000000002338000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Program Files (x86)\GUT7F2A.tmp, type: DROPPEDMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpKey value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon version
Source: CheatEngine75.tmp, 0000000B.00000003.2274364063.00000000024A4000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Java\CEJVMTI\CEJVMTI.sln
Source: CheatEngine75.tmp, 0000000B.00000003.2274364063.00000000024A4000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Cheat Engine 7.5\autorun\dlls\src\Mono\MonoDataCollector.sln
Source: CheatEngine75.tmp, 0000000B.00000003.2086887281.00000000034C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Z{app}\plugins\c# template\CEPluginLibrary.sln
Source: CheatEngine75.tmp, 0000000B.00000003.2274364063.000000000241A000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 1{app}\autorun\dlls\src\Mono\MonoDataCollector.sln
Source: CheatEngine75.tmp, 0000000B.00000003.2274364063.00000000024ED000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: %{app}\plugins\example-c\example-c.sln
Source: CheatEngine75.tmp, 0000000B.00000003.2274364063.00000000024B2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Cheat Engine 7.5\plugins\example-c\example-c.sln
Source: CheatEngine75.tmp, 0000000B.00000003.2274364063.00000000023EF000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\CEPluginLibrary.csproj
Source: CheatEngine75.tmp, 0000000B.00000003.2274364063.000000000248D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: -{app}\plugins\c# template\CEPluginLibrary.slna
Source: CheatEngine75.tmp, 0000000B.00000003.2274364063.000000000248D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: /{app}\autorun\dlls\src\Java\CEJVMTI\CEJVMTI.sln
Source: CheatEngine75.tmp, 0000000B.00000003.2086887281.00000000034C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: ^{app}\autorun\dlls\src\Java\CEJVMTI\CEJVMTI.sln
Source: CheatEngine75.tmp, 0000000B.00000003.2086887281.00000000034C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: J{app}\plugins\example-c\example-c.sln
Source: CheatEngine75.tmp, 0000000B.00000003.2274364063.00000000024A4000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary.sln
Source: CheatEngine75.tmp, 0000000B.00000003.2086887281.00000000034C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: {app}\plugins\c# template\CEPluginLibrary\CEPluginLibrary.csproj
Source: CheatEngine75.tmp, 0000000B.00000003.2274364063.0000000002422000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: @{app}\plugins\c# template\CEPluginLibrary\CEPluginLibrary.csproj
Source: CheatEngine75.tmp, 0000000B.00000003.2086887281.00000000034C0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: b{app}\autorun\dlls\src\Mono\MonoDataCollector.sln
Source: classification engineClassification label: mal56.rans.bank.spyw.evad.winEXE@78/858@0/12
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,8_2_0040350D
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B57A11E __EH_prolog3_catch_GS,__EH_prolog3_catch_GS,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,GetShellWindow,GetWindowThreadProcessId,OpenProcess,GetLastError,GetShellWindow,GetProcessId,OpenProcessToken,GetLastError,DuplicateTokenEx,GetLastError,CreateProcessWithTokenW,GetLastError,GetLastError,8_2_6B57A11E
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002B52F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00E74C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,6_2_00E74C8E
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00E75C1E CoCreateInstance,OleRun,6_2_00E75C1E
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00E95318 GetModuleHandleW,FindResourceW,LoadResource,LockResource,std::ios_base::_Ios_base_dtor,GetModuleHandleW,GetProcAddress,GetCurrentProcess,Concurrency::cancel_current_task,Concurrency::cancel_current_task,SysFreeString,SysFreeString,6_2_00E95318
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4992:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpMutant created: \Sessions\1\BaseNamedObjects\{9bad0be7-37a7-44b5-940f-7c5abae5b463}Installer
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeMutant created: \Sessions\1\BaseNamedObjects\norton-securebrowser_installer_mutex2
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\34a090237c19fd3519eb334979dc31d6
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3676:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6068:120:WilError_03
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\201c9d5e80419bcdfcbf4aa63480b83e
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{D0BB2EF1-C183-4cdb-B218-040922092869}
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6012:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6804:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2836:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpMutant created: \Sessions\1\BaseNamedObjects\Global\{9bad0be7-37a7-44b5-940f-7c5abae5b463}Installer
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5680:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeFile created: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /silent7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /cookie7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /ppi_icd7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /cust_ini7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Enabled7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxyType7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Port7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: User7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Password7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Properties7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /smbupd7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: enable7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: mirror7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: count7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: servers7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: urlpgm7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: server07_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: http://7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: https://7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: allow_fallback7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: mirror7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: installer.exe7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: {versionSwitch}7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: stable7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: %s\%s7_2_002B52F0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: X>-7_2_002B52F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2928263661.000000006B66E000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: norton_secure_browser_setup.exe, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2928263661.000000006B66E000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: SELECT ((visits.visit_time/1000000)-11644473600) AS vtime FROM 'visits' ORDER BY vtime DESC LIMIT 1;
Source: norton_secure_browser_setup.exe, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2928263661.000000006B66E000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: SELECT last_visit_date / 1000000 AS vtime FROM 'moz_places' ORDER BY vtime DESC LIMIT 1;
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2928263661.000000006B66E000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2928263661.000000006B66E000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2928263661.000000006B66E000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe ReversingLabs: Detection: 39%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe Process created: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp "C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp" /SL5="$20418,29027361,780800,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe"
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Process created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Process created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vSPR52DTrx3KxpPc0dhv7aWFTHVhgXZV8V8wzTGpdpeuHMloNuGAy8EUQEYDzh7hQ
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Process created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Process created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exe "C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exe Process created: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vSPR52DTrx3KxpPc0dhv7aWFTHVhgXZV8V8wzTGpdpeuHMloNuGAy8EUQEYDzh7hQ /cookie:mmm_irs_ppi_902_451_o /ga_clientid:aebce588-2047-4838-96b4-2abc3f1c4a20 /edat_dir:C:\Windows\Temp\asw.1b43cf27584cc1f7
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exe Process created: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp "C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp" /SL5="$10484,26511452,832512,C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Process created: C:\Windows\System32\net.exe "net" stop BadlionAntic
Source: C:\Windows\System32\net.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\net.exe Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAntic
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Process created: C:\Windows\System32\net.exe "net" stop BadlionAnticheat
Source: C:\Windows\System32\net.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\net.exe Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAnticheat
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Process created: C:\Windows\System32\sc.exe "sc" delete BadlionAntic
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Process created: C:\Windows\System32\sc.exe "sc" delete BadlionAnticheat
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Process created: C:\Users\user\AppData\Local\Temp\is-RLAH2.tmp\_isetup\_setup64.tmp helper 105 0x40C
Source: C:\Users\user\AppData\Local\Temp\is-RLAH2.tmp\_isetup\_setup64.tmp Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Process created: C:\Windows\System32\icacls.exe "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
Source: C:\Windows\System32\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe Process created: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Process created: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe "C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Process created: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe "C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Process created: C:\Program Files\Cheat Engine 7.5\windowsrepair.exe "C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Process created: C:\Windows\System32\icacls.exe "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
Source: C:\Windows\System32\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: unknown Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c
Source: unknown Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Process created: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe "C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Process created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{C38FA0B6-3952-4FFA-BC41-35E807C9ED93}" /silent
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe Process created: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe Process created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\icarus-info.xml /install /silent /ws /psh:92pTu5hvrwhS3vSPR52DTrx3KxpPc0dhv7aWFTHVhgXZV8V8wzTGpdpeuHMloNuGAy8EUQEYDzh7hQ /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.1b43cf27584cc1f7 /track-guid:aebce588-2047-4838-96b4-2abc3f1c4a20
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe Process created: unknown unknown
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe Process created: unknown unknown
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: winhttpcom.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: explorerframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: zipfldr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: shdocvw.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: slc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe
Section loaded: apphelp.dll, acgenral.dll, uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, userenv.dll, dwmapi.dll, urlmon.dll, mpr.dll, sspicli.dll, winmmbase.dll, winmmbase.dll, iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll, windows.storage.dll, wldp.dll, profapi.dll, wtsapi32.dll, winsta.dll, kernel.appcore.dll, winhttp.dll, ondemandconnroutehelper.dll, webio.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, dpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, cryptnet.dll
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exe
Section loaded: cryptsp.dll, rsaenh.dll, cryptbase.dll, version.dll, kernel.appcore.dll, netprofm.dll, npmproxy.dll, winhttp.dll, msasn1.dll, ondemandconnroutehelper.dll, webio.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, sspicli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, dpapi.dll, ondemandconnroutehelper.dll, apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
Section loaded: uxtheme.dll, userenv.dll, apphelp.dll, propsys.dll, dwmapi.dll, cryptbase.dll, oleacc.dll, ntmarta.dll, version.dll, shfolder.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, profapi.dll, wininet.dll, secur32.dll, sspicli.dll, msasn1.dll, wtsapi32.dll, winsta.dll, windows.staterepositoryps.dll, windows.fileexplorer.common.dll, iertutil.dll, ieframe.dll, netapi32.dll, winhttp.dll, wkscli.dll, netutils.dll, mlang.dll, ondemandconnroutehelper.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exe
Section loaded: version.dll, netapi32.dll, netutils.dll, uxtheme.dll, apphelp.dll
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
Section loaded: kernel.appcore.dll, version.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dpapi.dll, winhttp.dll, ondemandconnroutehelper.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, webio.dll, sspicli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, ondemandconnroutehelper.dll, ondemandconnroutehelper.dll, ondemandconnroutehelper.dll, ondemandconnroutehelper.dll, ondemandconnroutehelper.dll, ondemandconnroutehelper.dll, ntmarta.dll, ondemandconnroutehelper.dll, apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
Section loaded: mpr.dll, version.dll, netapi32.dll, winhttp.dll, netutils.dll, uxtheme.dll, kernel.appcore.dll, wtsapi32.dll, winsta.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, coremessaging.dll, wintypes.dll, wintypes.dll, wintypes.dll, windows.storage.dll, wldp.dll, profapi.dll, shfolder.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, textshaping.dll, msftedit.dll, windows.globalization.dll, bcp47langs.dll, bcp47mrm.dll, globinputhost.dll, dwmapi.dll, sspicli.dll, apphelp.dll, explorerframe.dll, sfc.dll, sfc_os.dll, propsys.dll, linkinfo.dll, ntshrui.dll, srvcli.dll, cscapi.dll
Source: C:\Windows\System32\net.exe
Section loaded: mpr.dll, wkscli.dll, netutils.dll, samcli.dll, srvcli.dll, iphlpapi.dll
Source: C:\Windows\System32\net1.exe
Section loaded: samcli.dll, netutils.dll, dsrole.dll, srvcli.dll, wkscli.dll, logoncli.dll, cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-RLAH2.tmp\_isetup\_setup64.tmpSection loaded: ntmarta.dll
Source: C:\Windows\System32\icacls.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeSection loaded: apphelp.dll
Source: C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: msxml3.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: taskschd.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: edputil.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: appresolver.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: bcp47langs.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: slc.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: sppc.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\Cheat Engine 7.5\windowsrepair.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: edputil.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: appresolver.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: bcp47langs.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: slc.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: sppc.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: Cheat Engine.lnk.11.drLNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\Cheat Engine.exe
Source: Cheat Engine (64-bit SSE4-AVX2).lnk.11.drLNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
Source: Cheat Engine (64-bit).lnk.11.drLNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe
Source: Cheat Engine (32-bit).lnk.11.drLNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\cheatengine-i386.exe
Source: Cheat Engine tutorial.lnk.11.drLNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\Tutorial-i386.exe
Source: Cheat Engine tutorial (64-bit).lnk.11.drLNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\Tutorial-x86_64.exe
Source: Cheat Engine help.lnk.11.drLNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\CheatEngine.chm
Source: Unload kernel module.lnk.11.drLNK file: ..\..\..\..\..\..\..\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
Source: Reset settings.lnk.11.drLNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\ceregreset.exe
Source: Lua documentation.lnk.11.drLNK file: ..\..\..\..\..\..\Windows\system32\notepad.exe
Source: Uninstall Cheat Engine.lnk.11.drLNK file: ..\..\..\..\..\..\Program Files\Cheat Engine 7.5\unins000.exe
Source: Cheat Engine.lnk0.11.drLNK file: ..\..\..\Program Files\Cheat Engine 7.5\Cheat Engine.exe
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile written: C:\ProgramData\AVG\Icarus\settings\temporary_proxy.ini
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpWindow found: window name: TSelectLanguageForm
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpAutomated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpAutomated click: Next
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeAutomated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeWindow detected: Number of UI elements: 39
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\unins000.dat
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-BFF2E.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-RQRMM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-R4GE2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-72BU9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-IV0NK.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-N38VJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-KIRLN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-FQGBJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-HGJT7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win32
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win32\is-TQQAG.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win64
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win64\is-CL9N5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win32\is-AHB9O.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win64\is-UF26U.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win32\is-E37Q3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\win64\is-0FB03.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-2U6TF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-FBMCH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-I2V54.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-JFS2A.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-KL9VH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-PSA9P.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-7QPMC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-BTJJH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-75TSL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-5I4UE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-NOICI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-PKGDH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-UDKLJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-4POE7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-FMRQF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-J47E1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-PGEV4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-KK00S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-VPM6Q.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-RVHMQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-16220.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-ANU26.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-UO5CC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-GCQDJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-R89P4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-43AFC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-7RGDO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-M12HS.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\example-c\is-AGB3S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\is-K33G0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-NR97V.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-8R982.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-4F1HP.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-55SGL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\is-DIII9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-Q5KUL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-2JDHM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-HTFR3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-DS7TE.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\SDK\is-QF79C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\Properties
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\Properties\is-8KF69.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\is-RNLT1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-22RE5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-R9IVV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-KPS6A.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-I9J88.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-APRT7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-J6PU7.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-HHLSI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-1S6IF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-LRQNB.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-HGB3S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-M2V7O.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-C9MLF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-8THT9.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-P70KL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-BDIQL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-NS0EV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\badassets\is-Q6A3Q.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\is-2RTOA.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDirectory created: C:\Program Files\Cheat Engine 7.5\unins000.msg
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeDirectory created: C:\Program Files\Cheat Engine 7.5\autorun\ceshare\server.txt
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cheat Engine_is1
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeStatic PE information: certificate valid
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeStatic file information: File size 29932568 > 1048576
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2119267137.0000000005A11000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 0000000A.00000002.2916761731.0000000005280000.00000002.00000001.00040000.00000013.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000000.2073108624.00000000003B5000.00000002.00000001.01000000.00000013.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000002.2906558496.00000000003B5000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\work\3db0bf373ac3fc9b\Release Midex\Midex.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\7c64e6304ba228bc\Plugins\nsJSON.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2929146264.000000006E6E6000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2231287231.0000000005DF0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\ed1c64258fb55966\build\Release\thirdparty.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2927493989.000000006B48E000.00000002.00000001.01000000.00000017.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdba source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2169131592.0000000005C7A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb@ source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2266836472.0000000005B10000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000006.00000000.2023314090.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: goopdateres_unsigned_am.pdb source: NortonBrowserUpdateSetup.exe, 0000001B.00000003.2197020441.0000000004380000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb[ source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.0000000003090000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: added an option to skip loading .PDB files source: CheatEngine75.exe, 00000009.00000003.2293089149.00000000020B8000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.exe, 00000009.00000003.2073488082.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2272556530.00000000035E3000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2277553220.0000000000945000.00000004.00000020.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2274364063.0000000002437000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2086887281.00000000034C0000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2272972396.00000000037B1000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2266836472.0000000005B10000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\9bf849bab5260311\Plugins\Release_Mini\StdUtils.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2927789642.000000006B4C3000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\work\c6a7e165ce7a986c\Unicode\Plugins\inetc.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\f369f300b8043bce\plugins\src\jsis\build\Release Unicode\jsis.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2928748307.000000006B722000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2303629445.0000000005BDF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2169131592.0000000005C7A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 00000007.00000000.2039583551.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\work\893f00f663353e48\bin\x86\MinSizeRel\JsisPlugins.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2928263661.000000006B66E000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.0000000003090000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\21e9bc5e69dd57f1\build\Release Unicode\jsisdl.pdb source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp
Source: is-RNLT1.tmp.11.drStatic PE information: 0xB4CEDA5D [Mon Feb 15 10:26:37 2066 UTC]
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00EB2B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,6_2_00EB2B30
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeStatic PE information: section name: .didata
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp.0.drStatic PE information: section name: .didata
Source: CheatEngine75.exe.2.drStatic PE information: section name: .didata
Source: saBSI.exe.2.drStatic PE information: section name: .didat
Source: avg_antivirus_free_setup.exe.2.drStatic PE information: section name: .didat
Source: installer.exe.6.drStatic PE information: section name: _RDATA
Source: avg_antivirus_free_online_setup.exe.7.drStatic PE information: section name: .didat
Source: CheatEngine75.tmp.9.drStatic PE information: section name: .didata
Source: bug_report.exe.10.drStatic PE information: section name: _RDATA
Source: dump_process.exe.10.drStatic PE information: section name: .didat
Source: dump_process.exe.10.drStatic PE information: section name: _RDATA
Source: icarus_ui.exe.10.drStatic PE information: section name: _RDATA
Source: icarus.exe.10.drStatic PE information: section name: .didat
Source: icarus.exe.10.drStatic PE information: section name: _RDATA
Source: is-7CQ1E.tmp.11.drStatic PE information: section name: /4
Source: is-DD0U1.tmp.11.drStatic PE information: section name: /4
Source: is-BFF2E.tmp.11.drStatic PE information: section name: .didata
Source: is-72BU9.tmp.11.drStatic PE information: section name: /4
Source: is-IV0NK.tmp.11.drStatic PE information: section name: /4
Source: is-N38VJ.tmp.11.drStatic PE information: section name: /4
Source: is-TQQAG.tmp.11.drStatic PE information: section name: .didat
Source: is-TQQAG.tmp.11.drStatic PE information: section name: .mrdata
Source: is-CL9N5.tmp.11.drStatic PE information: section name: .didat
Source: is-CL9N5.tmp.11.drStatic PE information: section name: .mrdata
Source: is-AHB9O.tmp.11.drStatic PE information: section name: .eh_fram
Source: is-E37Q3.tmp.11.drStatic PE information: section name: .didat
Source: is-E37Q3.tmp.11.drStatic PE information: section name: .mrdata
Source: is-0FB03.tmp.11.drStatic PE information: section name: .didat
Source: is-0FB03.tmp.11.drStatic PE information: section name: .mrdata
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpCode function: 2_2_0019049F push cs; ret 2_2_001904A4
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_3_05C368C2 pushfd ; retf 6_3_05C368C3
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_3_05C373D7 push edi; iretd 6_3_05C373D8
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_3_05C350DD push esp; iretd 6_3_05C350DE
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_3_05C38E63 pushad ; ret 6_3_05C38E65
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_3_05C32409 push esi; retf 6_3_05C3242A
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_3_05C3623D push ss; ret 6_3_05C3627B

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u7_2_002BA100
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_uk.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_sv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ml.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\DotNetDataCollector64.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\is-RNLT1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\CEPluginExample.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_vi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\psuser_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\libipt-64.dll (copy)Jump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-KL9VH.tmpJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-FBTQU.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-RQRMM.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\cheatengine-i386.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserCrashHandler.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-N38VJ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_hr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\ced3d11hook64.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\tcc32-32-linux.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\gtutorial-i386.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\allochook-i386.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-R9IVV.tmpJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\StdUtils.dllJump to dropped file
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus_ui.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdate.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_it.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\win32\is-TQQAG.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_fa.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_de.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\d3dhook.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_am.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeFile created: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exeJump to dropped file
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\icarus.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_lt.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-16220.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_en-GB.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-I2V54.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-9U9B4.tmpJump to dropped file
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\icarus_ui.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\ced3d10hook.dll (copy)Jump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_th.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_gu.dllJump to dropped file
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av-vps\bug_report.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector64.dll (copy)Jump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_th.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-1158P.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\is-UO5CC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\jsisdl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\luaclient-x86_64.dll (copy)Jump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\Midex.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\win32\sqlite3.dll (copy)Jump to dropped file
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\dump_process.exeJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeFile created: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpJump to dropped file
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\dump_process.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ja.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\thirdparty.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_et.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_iw.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ur.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-JN7D0.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_sl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\nsJSON.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_da.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\Program Files\Cheat Engine 7.5\ced3d9hook.dll (copy)Jump to dropped file
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\icarus_product.dllJump to dropped file
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeJump to dropped file
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\aswOfferTool.exeJump to dropped file
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av-vps\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av-vps\icarus_rvrt.exeJump to dropped file
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\icarus_rvrt.exeJump to dropped file
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av-vps\icarus.exeJump to dropped file
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus_mod.dllJump to dropped file
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av-vps\icarus_product.dllJump to dropped file
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus_ui.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002B52F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,7_2_002B52F0

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u7_2_002BA100
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine.lnk
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine (64-bit SSE4-AVX2).lnk
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine (64-bit).lnk
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine (32-bit).lnk
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine tutorial.lnk
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine tutorial (64-bit).lnk
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Cheat Engine help.lnk
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Kernel stuff
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Kernel stuff\Unload kernel module.lnk
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Reset settings.lnk
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Lua documentation.lnk
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5\Uninstall Cheat Engine.lnk
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpProcess created: C:\Windows\System32\net.exe "net" stop BadlionAntic
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpProcess created: C:\Windows\System32\sc.exe "sc" delete BadlionAntic
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00EA0540 EnterCriticalSection,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LeaveCriticalSection,6_2_00EA0540
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 BlobJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpProcess created: C:\Windows\System32\icacls.exe "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: VBoxService.exe VBoxService.exe \VMware\VMware Tools \VMware\VMware Tools QEMU_ QEMU_ VMware Ven_Red_Hat&Prod_VirtIO DiskVBOX DiskVirtual QEMU_ QEMU_ VMware Ven_Red_Hat&Prod_VirtIO DiskVBOX DiskVirtual BOCHS VBOX PRLS 8_2_6B720B40
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: VBoxService.exe VBoxService.exe 8_2_6B721840
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe Code function: CreateToolhelp32Snapshot,lstrcmpiW,Process32FirstW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,Process32NextW,CloseHandle,lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrlenW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,lstrcpyW,lstrlenW,lstrlenW,lstrcpyW,GetFileAttributesW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,GetUserNameW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,8_2_6B720B40
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe System information queried: FirmwareTableInformation
Source: norton_secure_browser_setup.exe Binary or memory string: DIR_WATCH.DLL
Source: norton_secure_browser_setup.exe Binary or memory string: JOEBOXSERVER.EXE
Source: norton_secure_browser_setup.exe, norton_secure_browser_setup.exe, 00000008.00000002.2928921242.000000006B72C000.00000004.00000001.01000000.00000010.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: norton_secure_browser_setup.exe Binary or memory string: SBIEDLL.DLL
Source: norton_secure_browser_setup.exe Binary or memory string: API_LOG.DLL
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2331141766.0000000005A47000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <DEST>%PRODUCT_INST_A64%/ASWHOOK.DLL</DEST>
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2331141766.0000000005A47000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <PATH>%PRODUCT_INST_32%\ASWHOOKX.DLL</PATH>
Source: norton_secure_browser_setup.exe Binary or memory string: SNIFF_HIT.EXE
Source: norton_secure_browser_setup.exe Binary or memory string: JOEBOXCONTROL.EXE
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2331141766.0000000005A47000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <DEST>%PRODUCT_INST_32%/ASWHOOK.DLL</DEST>
Source: norton_secure_browser_setup.exe Binary or memory string: C:\MDS\WINDUMP.EXE
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2331141766.0000000005A47000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: <DEST>%PRODUCT_INST_64%/ASWHOOK.DLL</DEST>
Source: norton_secure_browser_setup.exe Binary or memory string: SYSANALYZER.EXE
Source: norton_secure_browser_setup.exe Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe File opened / queried: C:\Program Files (x86)\VMware\VMware Tools
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe Code function: 6_2_00E74C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,6_2_00E74C8E
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe Window / User API: threadDelayed 782
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe Window / User API: windowPlacementGot 1195
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdateCore.exe
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_uk.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_sv.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ml.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\DotNetDataCollector64.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\is-RNLT1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\plugins\c# template\CEPluginLibrary\bin\Release\CEPluginExample.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_vi.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\psuser_64.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\libipt-64.dll (copy)
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exe
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-KL9VH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-FBTQU.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\cheatengine-i386.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserCrashHandler.exe
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_hr.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_pt-BR.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d11hook64.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\gtutorial-i386.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\tcc32-32-linux.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\allochook-i386.dll (copy)
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-R9IVV.tmp
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\StdUtils.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdate.dll
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe Dropped PE file which has not been started: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus_ui.exe
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_it.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win32\is-TQQAG.tmp
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_fa.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ru.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_sr.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hr.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\clibs64\is-JPS54.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\DotNetInterface.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-RTEI5.tmp
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\tcc64-32-linux.dll (copy)
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdate.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\allochook-x86_64.dll (copy)
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sk.dll
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe Dropped PE file which has not been started: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus_mod.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-ONG59.tmp
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_pt-PT.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ar.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\Tutorial-x86_64.exe (copy)
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sv.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-IV0NK.tmp
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_en.dll
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe Dropped PE file which has not been started: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av-vps\dump_process.exe
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-72BU9.tmp
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fa.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_te.dll
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe Dropped PE file which has not been started: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\bug_report.exe
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ar.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_sk.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d10hook64.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_sw.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector32.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-22RE5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\zbShieldUtils.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fr.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\tcc64-64-linux.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\libmikmod64.dll (copy)
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-PT.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdateOnDemand.exe
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sw.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-4POE7.tmp
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_te.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\luaclient-i386.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\gtutorial-x86_64.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-UDKLJ.tmp
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ta.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-O59N1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win32\is-E37Q3.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-DD0U1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-0BGBJ.tmp
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_lv.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_fr.dll
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\installer.exe
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdateBroker.exe
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-JFS2A.tmp
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\psmachine.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\64\is-VU1B4.tmpJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-FMRQF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\acuapi_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\winhook-i386.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\npNortonBrowserUpdate3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ta.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\64\CEJVMTI.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-JE87D.tmp
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\sciterui.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-5GVR6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ceregreset.exe (copy)
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-BR.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-7QPMC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\CEJVMTI.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-J47E1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win64\is-CL9N5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-BTJJH.tmp
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_pl.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\d3dhook64.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win32\symsrv.dll (copy)
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ms.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_no.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_fi.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-PGEV4.tmp
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserCrashHandler64.exe
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-ANU26.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\tcc64-aarch64-linux.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\psuser.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\vehdebug-i386.dll (copy)
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dll
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe; Dropped PE file which has not been started: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av-vps\icarus_product.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\vehdebug-x86_64.dll (copy)
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win32\is-AHB9O.tmp
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ms.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bn.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ca.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_nl.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\clibs32\lfs.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ro.dll
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe; Dropped PE file which has not been started: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\bug_report.exe
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdateWebPlugin.exe
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe; Dropped PE file which has not been started: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av-vps\icarus_rvrt.exe
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-PKGDH.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\speedhack-i386.dll (copy)
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en-GB.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-RVHMQ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-A5B9G.tmp
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_bn.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_zh-TW.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-GCQDJ.tmp
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_es.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_mr.dll
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe; Dropped PE file which has not been started: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\aswOfferTool.exe
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_id.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ro.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_nl.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_id.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-7BM0M.tmp
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe; Dropped PE file which has not been started: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\icarus_rvrt.exe
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_cs.dll
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\JsisPlugins.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\clibs32\is-NCEC0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win64\symsrv.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_hi.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d11hook.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_tr.dll
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\jsis.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-FUMG5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\AccessControl.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_tr.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_el.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_fil.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\psmachine_64.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_kn.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_bg.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_mr.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\libipt-32.dll (copy)
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hi.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-NOICI.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\libmikmod32.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-VPM6Q.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win64\is-0FB03.tmp
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine_64.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_el.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_cs.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_am.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exe
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hu.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-KK00S.tmp
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\inetc.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_es-419.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bg.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es-419.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_is.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-TW.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_kn.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ca.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d9hook64.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\DotNetDataCollector32.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-P2ENR.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-75TSL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\CSCompiler.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_hu.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\lua53-32.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\32\is-F8MFP.tmp
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_zh-CN.dll
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\reboot.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win64\is-UF26U.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win64\sqlite3.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_is.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_iw.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_et.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\acuapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-PSA9P.tmp
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ja.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ko.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\speedhack-x86_64.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-OIUJN.tmp
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_gu.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\winhook-x86_64.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\tcc32-32.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\clibs64\lfs.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-5I4UE.tmp
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-FSUG1.tmp
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ru.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi_64.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_de.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\d3dhook.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_am.dll
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_lt.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-16220.tmp
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_en-GB.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-9U9B4.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-I2V54.tmp
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe; Dropped PE file which has not been started: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\icarus_ui.exe
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d10hook.dll (copy)
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_th.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_gu.dll
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe; Dropped PE file which has not been started: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av-vps\bug_report.exe
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\MonoDataCollector64.dll (copy)
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exe
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_th.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-1158P.tmp
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\is-UO5CC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\jsisdl.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\luaclient-x86_64.dll (copy)
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dll
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dll
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp; Dropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\win32\sqlite3.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\Midex.dll
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe; Dropped PE file which has not been started: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\dump_process.exe
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe; Dropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dll
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe; Dropped PE file which has not been started: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\dump_process.exe
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe; Dropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ja.dll
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\thirdparty.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_et.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_iw.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ur.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_sl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\autorun\dlls\is-JN7D0.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\nsJSON.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dllJump to dropped file
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM7F29.tmp\goopdateres_da.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpDropped PE file which has not been started: C:\Program Files\Cheat Engine 7.5\ced3d9hook.dll (copy)Jump to dropped file
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\avg-av\icarus_product.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_6-98813
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp TID: 4600Thread sleep time: -150000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp TID: 6868Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exe TID: 5660Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe TID: 6188Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe TID: 6756Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe TID: 5336Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00F09BF0 FindFirstFileExW,6_2_00F09BF0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002CA4B5 FindFirstFileExW,7_2_002CA4B5
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,8_2_00405B6C
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_004028D5 FindFirstFileW,8_2_004028D5
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_0040679D FindFirstFileW,FindClose,8_2_0040679D
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B48906B FindFirstFileExA,8_2_6B48906B
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4C0DC6 FindFirstFileExW,8_2_6B4C0DC6
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B551A80 FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,8_2_6B551A80
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B551AA0 FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,8_2_6B551AA0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B717010 lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrlenW,lstrcpyW,FindNextFileW,FindClose,8_2_6B717010
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00ED2782 VirtualQuery,GetSystemInfo,6_2_00ED2782
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extractJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpFile opened: C:\Users\userJump to behavior
Source: norton_secure_browser_setup.exeBinary or memory string: VMware
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2081133695.000000000324F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: norton_secure_browser_setup.exeBinary or memory string: VBoxService.exe
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000002.2910483130.0000000003279000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: /icarus-info-path:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\icarus-info.xml /install /silent /ws /psh:92pTu5hvrwhS3vSPR52DTrx3KxpPc0dhv7aWFTHVhgXZV8V8wzTGpdpeuHMloNuGAy8EUQEYDzh7hQ /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.1b43cf27584cc1f7 /track-guid:aebce588-2047-4838-96b4-2abc3f1c4a20e33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.0000000000835000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
Source: avg_antivirus_free_online_setup.exe, 0000000A.00000003.2077483303.000000000324F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:~
Source: norton_secure_browser_setup.exe, 00000008.00000003.2171220217.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2913461415.00000000008C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWO
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: t\\Windows\\CurrentVersion\\Uninstall\\ReasonVPN","RAVVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\RAVVPN","ReasonLabs\\VPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-VPN","ReasonSaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonSaferWeb","SaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\SaferWeb","ReasonLabs\\DNS","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cmdu":[{"utr":"HKEY_CLASSES_ROOT","utk":"ReasonPersistentStorage","utvn":"AvUninstallTime","utvt":"SZ","umd":30,"utms":true}],"cp":"https://reasonlabs.com/policies","ctu":"https://reasonlabs.com/policies","win64":true,"pv":"1.26","disk":450,"fe":["{commonpf64}\\ReasonLabs\\EPP\\InstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"cbfo":true,"x":10,"v":1}},{"ad":{"n":"","f":"ZB_CCleaner_White","o":"CCleaner"},"ps":{"i":"CCleaner/images/CCleaner_White/DOTPS-734/EN.png","dn":"CCleaner","u":"CCleaner/files/DOTPS-1599/ccsetup627_slim.zip","p":"/S /PI=LS","r":["Piriform\\CCleaner","AVG\\TuneUp","Microsoft\\Windows\\CurrentVersion\\Uninstall\\AVG TuneUp","AVAST Software\\TuneUp","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Avast Cleanup"],"ctu":"https://www.ccleaner.com/legal/end-user-license-agreement","cp":"https://www.ccleaner.com/about/privacy-policy","pv":"1.33","cbfo":true,"ram":256,"disk":2560,"v":5}},{"ad":{"n":9,"nn":"Med_Ntiles","f":"ZB_Avast","o":"AVAST"},"ps":{"i":"AVAST/images/DOTPS-1511/547X280/EN.png","dn":"Avast 
Antivirus","u":"AVAST/files/cookie_mmm_irs_ppi_005_888_a.zip","p":"/silent /ws /psh:{pxl}","rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"r":["AVAST Software\\Avast","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Avast","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Avast Antivirus","Microsoft\\Windows\\CurrentVersion\\Uninstall\\AVG Antivirus","Microsoft\\Windows\\CurrentVersion\\Uninstall\\{4CB91122-AA85-4431-953C-BEFAEC86DA97}_is1","WebBar","WebDiscoverBrowser","AVG\\Antivirus\\Version","AVG\\AV\\Dir"],"a":["AvastSvc","instup","AvastUI","AVGUI","avguix","AVGSvc","avgsvca"],"ctu":"https://www.avast.com/eula-avast-consumer-products","cp":"https://www.avast.com/privacy-policy","ov":61,"cbfo":true,"avauc":true,"avur":"AvUninstallTimestamp","pv":"1.29","x":12,"disk":2560,"ram":256,"iapp":["chrome.exe"],"v":1}},{"ad":{"n":"","f":"ZB_Opera_New_ISV","o":"Opera_new"},"ps":{"i":"Opera/images/DOTPS-717/NCB/EN.png","dn":"Opera","u":"Opera/files/AutoReplaced/OperaSetup.zip","p":"--silent --allusers=0 --otd=utm.medium:apb,utm.source:ais,utm.campaign:opera_new_a","c":"opera_new_a","a":["OperaSetup","OperaSetu
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.000000000081C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2438190565.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2046095457.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2093851092.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2078388708.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.00000000035EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: #debughelper.rsvmwareisrunningiptbad
Source: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.000000000081C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.000000000082E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWG
Source: CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMWare seems to be running. It's known that some versions of vmware will cause a BSOD in combination with intel IPT. Do you still want to use intel IPT?
Source: norton_secure_browser_setup.exeBinary or memory string: QEMU_
Source: CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmware-vmx.exe
Source: CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: picked debug register vmware-vmx.exe
Source: norton_secure_browser_setup.exeBinary or memory string: \VMware\VMware Tools
Source: CheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: debughelper.rsvmwareisrunningiptbad
Source: icarus.exe, 0000002F.00000002.2916767655.00000202256E3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllff
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpProcess information queried: ProcessInformationJump to behavior

Anti Debugging

Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B720B40 CreateToolhelp32Snapshot,lstrcmpiW,Process32FirstW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,Process32NextW,CloseHandle,lstrlenW,lstrcpyW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrlenW,lstrcpyW,lstrcpyW,GetFileAttributesW,GetFileAttributesW,lstrcpyW,GetFileAttributesW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,lstrcpyW,lstrlenW,lstrlenW,lstrcpyW,GetFileAttributesW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,GetUserNameW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,8_2_6B720B40
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpProcess queried: DebugPortJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00EE93F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00EE93F2
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00E85110 RegOpenKeyExW,RegQueryValueExW,SetLastError,RegCloseKey,RegCloseKey,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,LoadLibraryExW,GetLastError,6_2_00E85110
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00E74C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,6_2_00E74C8E
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00F17BC0 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C6_2_00F17BC0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00EB2B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,6_2_00EB2B30
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00EFE8FE mov eax, dword ptr fs:[00000030h]6_2_00EFE8FE
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00F07CF2 mov eax, dword ptr fs:[00000030h]6_2_00F07CF2
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00F07CAE mov eax, dword ptr fs:[00000030h]6_2_00F07CAE
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00F07C6A mov eax, dword ptr fs:[00000030h]6_2_00F07C6A
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00F07D23 mov eax, dword ptr fs:[00000030h]6_2_00F07D23
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002C7C5A mov eax, dword ptr fs:[00000030h]7_2_002C7C5A
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B485683 mov eax, dword ptr fs:[00000030h]8_2_6B485683
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4AFBBF mov eax, dword ptr fs:[00000030h]8_2_6B4AFBBF
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4B147A mov eax, dword ptr fs:[00000030h]8_2_6B4B147A
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4B14BE mov eax, dword ptr fs:[00000030h]8_2_6B4B14BE
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B617528 mov eax, dword ptr fs:[00000030h]8_2_6B617528
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B6175B4 mov eax, dword ptr fs:[00000030h]8_2_6B6175B4
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B600835 mov eax, dword ptr fs:[00000030h]8_2_6B600835
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00E7463F GetProcessHeap,6_2_00E7463F
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00EE9018 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00EE9018
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00EE93F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00EE93F2
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00EED453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00EED453
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00EE9586 SetUnhandledExceptionFilter,6_2_00EE9586
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002C10FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_002C10FF
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002C1292 SetUnhandledExceptionFilter,7_2_002C1292
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002C13AB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_002C13AB
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002C4476 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_002C4476
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B486349 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_6B486349
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4869A2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6B4869A2
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B48504A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6B48504A
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4BF76F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6B4BF76F
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4BF47B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_6B4BF47B
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B4AFCD2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6B4AFCD2
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B567AD6 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6B567AD6
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B567CDA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_6B567CDA
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B5E7181 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6B5E7181
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B7158D0 lstrcmpW,SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,8_2_6B7158D0

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeNtQueryInformationProcess: Indirect: 0x7FF8E62DC34D
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B71B610 nsExecLogonUser,8_2_6B71B610
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=USJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vSPR52DTrx3KxpPc0dhv7aWFTHVhgXZV8V8wzTGpdpeuHMloNuGAy8EUQEYDzh7hQJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vSPR52DTrx3KxpPc0dhv7aWFTHVhgXZV8V8wzTGpdpeuHMloNuGAy8EUQEYDzh7hQ /cookie:mmm_irs_ppi_902_451_o /ga_clientid:aebce588-2047-4838-96b4-2abc3f1c4a20 /edat_dir:C:\Windows\Temp\asw.1b43cf27584cc1f7Jump to behavior
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\icarus-info.xml /install /silent /ws /psh:92pTu5hvrwhS3vSPR52DTrx3KxpPc0dhv7aWFTHVhgXZV8V8wzTGpdpeuHMloNuGAy8EUQEYDzh7hQ /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.1b43cf27584cc1f7 /track-guid:aebce588-2047-4838-96b4-2abc3f1c4a20
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-RLAH2.tmp\_isetup\_setup64.tmp helper 105 0x40C
Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAntic
Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop BadlionAnticheat
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezU4MzdCMUE1LUI3MkEtNDU2QS1CMDlGLUY2ODBFOUFCNUUwMn0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY0OS41IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY0OS41IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0ie0MzOEZBMEI2LTM5NTItNEZGQS1CQzQxLTM1RTgwN0M5RUQ5M30iIHVzZXJpZD0iezA5MUMwMDkxLTI0MUMtNDIwQS04ODhBLUUyMDg5OUU5ODA3NX0iIHVzZXJpZF9kYXRlPSIyMDI0MTAxMyIgbWFjaGluZWlkPSJ7MDAwMDdBNUMtMjRCNS1EM0Q0LTNCMDktOUREQTc5RDYwM0ZEfSIgbWFjaGluZWlkX2RhdGU9IjIwMjQxMDEzIiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezdCOEUxNzU2LTA5MkQtNEQzQS1BQjEyLTk5MjRCRkMyRjEzOH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NTgzN0IxQTUtQjcyQS00NTZBLUIwOUYtRjY4MEU5QUI1RTAyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2NDkuNSIgbGFuZz0iZW4tR0IiIGJyYW5kPSIyOTIzOSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iOTYxMCIvPjwvYXBwPjwvcmVxdWVzdD4
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{C38FA0B6-3952-4FFA-BC41-35E807C9ED93}" /silent
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: C:\Program Files\Cheat Engine 7.5\Cheat Engine.exeProcess created: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
Source: C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exeProcess created: unknown unknown
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe "c:\windows\temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92ptu5hvrwhs3vspr52dtrx3kxppc0dhv7awfthvhgxzv8v8wztgpdpeuhmlonugay8euqeydzh7hq /cookie:mmm_irs_ppi_902_451_o /ga_clientid:aebce588-2047-4838-96b4-2abc3f1c4a20 /edat_dir:c:\windows\temp\asw.1b43cf27584cc1f7
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe nortonbrowserupdatesetup.exe /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exeProcess created: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe "c:\program files (x86)\gum7f29.tmp\nortonbrowserupdate.exe" /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /handoff "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{c38fa0b6-3952-4ffa-bc41-35e807c9ed93}" /silent
Source: C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe c:\windows\temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe /icarus-info-path:c:\windows\temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\icarus-info.xml /install /silent /ws /psh:92ptu5hvrwhs3vspr52dtrx3kxppc0dhv7awfthvhgxzv8v8wztgpdpeuhmlonugay8euqeydzh7hq /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.1b43cf27584cc1f7 /track-guid:aebce588-2047-4838-96b4-2abc3f1c4a20
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /ping pd94bwwgdmvyc2lvbj0ims4wiiblbmnvzgluzz0ivvrgltgipz48cmvxdwvzdcbwcm90b2nvbd0imy4wiib1cgrhdgvypsjpbwfoysigb21hagfpzd0iezu4mzdcmue1lui3mketndu2qs1cmdlgluy2odbfoufcnuuwmn0iihvwzgf0zxj2zxjzaw9upsixljgumty0os41iibzagvsbf92zxjzaw9upsixljgumty0os41iibpc21hy2hpbmu9ijeiiglzx29tywhhnjriaxq9ijaiiglzx29znjriaxq9ijeiihnlc3npb25pzd0ie0mzoezbmei2ltm5ntitnezgqs1cqzqxltm1rtgwn0m5ruq5m30iihvzzxjpzd0ieza5mumwmdkxlti0mumtndiwqs04odhbluuymdg5ouu5oda3nx0iihvzzxjpzf9kyxrlpsiymdi0mtaxmyigbwfjagluzwlkpsj7mdawmddbnumtmjrcns1em0q0ltncmdktoureqtc5rdywm0zefsigbwfjagluzwlkx2rhdgu9ijiwmjqxmdeziibpbnn0ywxsc291cmnlpsjvdghlcmluc3rhbgxjbwqiihrlc3rzb3vyy2u9imf1dg8iihjlcxvlc3rpzd0iezdcoeuxnzu2lta5mkqtneqzqs1bqjeyltk5mjrcrkmyrjezoh0iigrlzhvwpsjjciigzg9tywluam9pbmvkpsiwij48ahcgcgh5c21lbw9yet0iocigc3nlpsixiibzc2uypsixiibzc2uzpsixiibzc3nlmz0imsigc3nlnde9ijeiihnzztqypsixiibhdng9ijeilz48b3mgcgxhdgzvcm09indpbiigdmvyc2lvbj0imtaumc4xota0ns4ymda2iibzcd0iiibhcmnopsj4njqilz48yxbwigfwcglkpsj7ntgzn0ixqtutqjcyqs00ntzbluiwouytrjy4meu5qui1rtayfsigdmvyc2lvbj0iiibuzxh0dmvyc2lvbj0ims44lje2ndkunsigbgfuzz0izw4tr0iiigjyyw5kpsiyotizosigy2xpzw50psiipjxldmvudcbldmvudhr5cgu9ijiiigv2zw50cmvzdwx0psixiiblcnjvcmnvzgu9ijaiigv4dhjhy29kzte9ijaiigluc3rhbgxfdgltzv9tcz0iotyxmcivpjwvyxbwpjwvcmvxdwvzdd4
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B71A3A0 GetVersion,GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,8_2_6B71A3A0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00EE9215 cpuid 6_2_00EE9215
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,6_2_00F045DA
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,6_2_00F0C65F
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,6_2_00F0C9ED
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,6_2_00F0C952
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,6_2_00F0C907
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,6_2_00F0CA80
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,6_2_00F0CCE0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_00F0CE06
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_00F0CFDB
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,6_2_00F0CF0C
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoEx,6_2_00EE7E28
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,6_2_00F03F6D
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,8_2_6B4B439E
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,8_2_6B4B4278
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,8_2_6B4B1164
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,8_2_6B4B4025
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,8_2_6B4B3F9A
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,8_2_6B4B3E0D
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,8_2_6B4B3EFF
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,8_2_6B4B3EB4
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,8_2_6B4B4573
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,8_2_6B4B0C40
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,8_2_6B4B3C12
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,8_2_6B4B44A4
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,8_2_6B61EB75
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,8_2_6B61EA4D
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,8_2_6B612F18
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,8_2_6B61ED50
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,8_2_6B61EC7D
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoEx,8_2_6B56637C
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,8_2_6B61E3C3
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,8_2_6B61E76D
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,8_2_6B61E7F8
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,8_2_6B61E669
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: EnumSystemLocalesW,8_2_6B61E6D2
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,8_2_6B61E5C0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,8_2_6B6139CC
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,GetUserDefaultUILanguage,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,wsprintfW,8_2_6B7178C0
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: GetLocaleInfoW,GlobalAlloc,GlobalAlloc,GlobalAlloc,lstrcpyW,lstrcpyW,wsprintfW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,8_2_6B717510
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: nsGetLocaleInfo,GetLocaleInfoW,8_2_6B71E580
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\logo.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\WebAdvisor.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\AVG_AV.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\finish.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmpQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeCode function: 6_2_00F04619 GetSystemTimeAsFileTime,6_2_00F04619
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B6579B6 __EH_prolog3_GS,LookupAccountNameW,GetLastError,8_2_6B6579B6
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 8_2_6B6126E8 _free,GetTimeZoneInformation,_free,8_2_6B6126E8
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 7_2_002BA100 GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,7_2_002BA100
Source: C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: norton_secure_browser_setup.exeBinary or memory string: C:\virus\virus.exe
Source: norton_secure_browser_setup.exeBinary or memory string: wireshark.exe
Source: norton_secure_browser_setup.exeBinary or memory string: C:\Kit\procexp.exe
Source: norton_secure_browser_setup.exeBinary or memory string: C:\virus.exe
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob
Source: C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exeRegistry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\search.json.mozlz4
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Source: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: norton_secure_browser_setup.exe, 00000008.00000002.2928263661.000000006B66E000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: WIN_XP
Source: norton_secure_browser_setup.exe, 00000008.00000002.2928263661.000000006B66E000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: Wk...RtlGetVersionD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppSeIncreaseQuotaPrivilege{} {}WIN_XPVISTAWIN7WIN8WIN8_1WIN10WIN11UNKNOWNMicrosoft\Internet Explorer\Quick Launch\User Pinned\TaskBar.lnkrunasCreating unelevated process {} {}Attempting to execute {} as a trusted executableTrust not established so execution has been abortedunelevatedcurrentTrust has been established so executing in {} contextChecking candidate thumbprint {}no-matchmatchedVerify certificate thumbprint for {} ({}) [{}]Validate certificate thumbprint for {} failed [{:#018x}]VInv{}alid signature for {} [result({:#010x}), possiblySelfSigned({}), allowSelfSigned({})]Validate signature for {} failed [{:#018x}]Verifying trust for {}not Trust {}established BuildCmdArgsToDeleteSelf::pathToDel [{}])BuildCmdArgsToDeleteSelf::rmParentDirDepth [{}])BuildCmdArgsToDeleteSelf::timeoutSecs [{}])/c timeout /nobreak /t {} && del /F /Q {}..BuildCmdArgsToDeleteSelf::subpath [{}]) && rmdir /Q {}BuildCmdArgsToDeleteSelf::cmdargs {}cmd.exeProcessDeleteSelf::cmdexe [{}]OSUtils::ProcessDeleteSelf: {} {}D:(A;OICI;GA;;;BA)(A;OICI;GRDT;;;WD)1\/J
Source: norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ...RtlGetVersionD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppD:\work\6641f181bd7f7928\src\acu\windows\utility\OSUtils.cppSeIncreaseQuotaPrivilege{} {}WIN_XPVISTAWIN7WIN8WIN8_1WIN10WIN11UNKNOWNMicrosoft\Internet Explorer\Quick Launch\User Pinned\TaskBar.lnkrunasCreating unelevated process {} {}Attempting to execute {} as a trusted executableTrust not established so execution has been abortedunelevatedcurrentTrust has been established so executing in {} contextChecking candidate thumbprint {}no-matchmatchedVerify certificate thumbprint for {} ({}) [{}]Validate certificate thumbprint for {} failed [{:#018x}]VInv{}alid signature for {} [result({:#010x}), possiblySelfSigned({}), allowSelfSigned({})]Validate signature for {} failed [{:#018x}]Verifying trust for {}not Trust {}established BuildCmdArgsToDeleteSelf::pathToDel [{}])BuildCmdArgsToDeleteSelf::rmParentDirDepth [{}])BuildCmdArgsToDeleteSelf::timeoutSecs [{}])/c timeout /nobreak /t {} && del /F /Q {}..BuildCmdArgsToDeleteSelf::subpath [{}]) && rmdir /Q {}BuildCmdArgsToDeleteSelf::cmdargs {}cmd.exeProcessDeleteSelf::cmdexe [{}]OSUtils::ProcessDeleteSelf: {} {}D:(A;OICI;GA;;;BA)(A;OICI;GRDT;;;WD)1\/J
[MITRE ATT&CK matrix: Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact]
[Behavior graph: ID 1532785, Sample: SecuriteInfo.com.Win32.Troj..., Startdate: 13/10/2024, Architecture: WINDOWS, Score: 56]

Source | Detection | Scanner | Label | Link
SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe | 39% | ReversingLabs | Win32.Trojan.Generic |
SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe | 100% | Avira | PUA/OfferCore.Gen |
Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserCrashHandler.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserCrashHandler64.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdateBroker.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdateComRegisterShell64.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdateCore.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdateOnDemand.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdateSetup.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdateWebPlugin.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\acuapi.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\acuapi_64.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdate.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_am.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ar.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_bg.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_bn.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ca.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_cs.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_da.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_de.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_el.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_en-GB.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_en.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_es-419.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_es.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_et.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_fa.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_fi.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_fil.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_fr.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_gu.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_hi.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_hr.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_hu.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_id.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_is.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_it.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_iw.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ja.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_kn.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ko.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_lt.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_lv.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ml.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_mr.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ms.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_nl.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_no.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_pl.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_pt-BR.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_pt-PT.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ro.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ru.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_sk.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_sl.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_sr.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_sv.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_sw.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ta.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_te.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_th.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_tr.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_uk.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_ur.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_vi.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_zh-CN.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\goopdateres_zh-TW.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\npNortonBrowserUpdate3.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\psmachine.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\psmachine_64.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\psuser.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\GUM7F29.tmp\psuser_64.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdate.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exe | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | URL Reputation | safe |
https://www.remobjects.com/ps | 0% | URL Reputation | safe |
https://www.innosetup.com/ | 0% | URL Reputation | safe |
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0# | 0% | URL Reputation | safe |
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z | 0% | URL Reputation | safe |
http://ocsp.sectigo.com0 | 0% | URL Reputation | safe |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                            https://www.avg.coSecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#avg_antivirus_free_setup.exe, 00000007.00000003.2068947344.0000000004911000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000002.2916761731.0000000005280000.00000002.00000001.00040000.00000013.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2169131592.0000000005C7A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2119267137.0000000005A11000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2266836472.0000000005B10000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2303629445.0000000005BDF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2231287231.0000000005DF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://www.nortonlifelock.com/us/en/legal/license-services-agreement/yBSecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2561618911.0000000006770000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                https://www.avast.com/privacy-poliSecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.0000000000835000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xmlsaBSI.exe, 00000006.00000003.2453533840.000000000363B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2436222904.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2115590845.0000000003642000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2092832631.0000000003641000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.00000000035EC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.000000000363B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://www.ccleaner.com/legal/end-user-license-agreementSecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.0000000000835000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.000000000082E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/EN.pngowser_setup.zipSecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2542404299.0000000000886000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0avg_antivirus_free_setup.exe, 00000007.00000003.2676387339.00000000048BF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000003.2676889305.00000000048EA000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000007.00000003.2676690940.00000000048D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://id.avast.com/inAvastiumavg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            https://analytics.avcdn.net:443/v4/receive/json/25ddiskVolume3avg_antivirus_free_online_setup.exe, 0000000A.00000002.2910483130.0000000003226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://chrome.google.com/webstorenorton_secure_browser_setup.exe, 00000008.00000003.2171617035.0000000003E4B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://shepherd.avcdn.netavg_antivirus_free_online_setup.exe, 0000000A.00000003.2331141766.0000000005A47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://www.avast.com/privacy-policy2SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.000000000084C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2542404299.0000000000854000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.0000000000835000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://drive-daily-2.corp.google.com/norton_secure_browser_setup.exe, 00000008.00000002.2925360499.0000000003E40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://www.avast.com/eula-avast-consumer-SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://d34hwk9wxgk5fi.cloudfront.net/f/WebAdvisor/images/943/EN.png3SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://reasonlabs.com/policiestSecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.000000000084C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2542404299.0000000000854000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.0000000000835000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://www.360totalsecurity.com/en/privacy/jSecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2542404299.0000000000886000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://www.opera.com/he/eula/computersSecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://sadownload.mcafee.com:443/products/SA/BSI/bsi_vars.xmlsaBSI.exe, 00000006.00000003.2115665410.00000000035EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://drive-daily-1.corp.google.com/norton_secure_browser_setup.exe, 00000008.00000002.2925360499.0000000003E40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exeavg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://drive-daily-5.corp.google.com/norton_secure_browser_setup.exe, 00000008.00000002.2925360499.0000000003E40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        https://www.ccleaner.com/legal/end-user-license-agSecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2542404299.0000000000834000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/recordNsaBSI.exe, 00000006.00000003.2600767153.00000000035EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://pair.ff.avast.comavg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              https://d34hwk9wxgk5fi.cloudfront.net/f/AVG_AV/images/1509/EN.png(SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2555273137.00000000050A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                https://www.avast.com/privacy-pSecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.0000000000835000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://d34hwk9wxgk5fi.cloudfront.net/f/AVG_AV/files/1319/avg.zipdSecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2555273137.00000000050A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://www.ccleaner.com/legal/end-user-licenSecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717306286.000000000086D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      https://www.opera.com/he/eula/computersdSecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.000000000081A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.000000000081C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2542404299.0000000000823000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        http://https://:allow_fallback/installer.exeavg_antivirus_free_setup.exe, 00000007.00000000.2039583551.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtdCheatEngine75.tmp, 0000000B.00000003.2258205559.00000000050D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            http://submit.sb.avast.com/V1/PD/avg_antivirus_free_online_setup.exe, 0000000A.00000003.2355127190.0000000005A12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/rsaBSI.exe, 00000006.00000000.2023314090.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                https://d34hwk9wxgk5fi.cloudfront.net/SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717815440.0000000000808000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/saBSI.exe, 00000006.00000003.2453533840.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2115590845.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2600767153.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2587951873.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2601645634.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2616174087.0000000003657000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    https://viruslab-samples.sb.avast.comavg_antivirus_free_online_setup.exe, 0000000A.00000003.2303629445.0000000005BDF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zavg_antivirus_free_setup.exe, 00000007.00000003.2068947344.0000000004911000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000002.2916761731.0000000005280000.00000002.00000001.00040000.00000013.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2169131592.0000000005C7A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2119267137.0000000005A11000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2266836472.0000000005B10000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2303629445.0000000005BDF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000A.00000003.2231287231.0000000005DF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://www.nortonlifelock.com/norton_secure_browser_setup.exe, 00000008.00000003.2181441906.0000000004B61000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.0000000003090000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000003.2181550576.0000000004B6B000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2920836120.000000000337E000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2906202688.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2925360499.0000000003E40000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000008.00000002.2925360499.0000000003E13000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000001B.00000003.2197020441.0000000004380000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://www.mcafee.com/consumer/en-us/policy/legal.htmlJSecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000002.2542404299.0000000000834000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.1717619202.0000000000835000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, 00000002.00000003.2369831141.000000000082E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/965/64/installer.exeexesaBSI.exe, 00000006.00000003.2453533840.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2437112418.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2460285059.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2552127114.0000000003657000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2461044211.0000000003657000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://drive-preprod.corp.google.com/norton_secure_browser_setup.exe, 00000008.00000002.2925360499.0000000003E40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://www.cheatengine.org/CheatEngine75.exe, 00000009.00000003.2293089149.0000000002141000.00000004.00001000.00020000.00000000.sdmp, CheatEngine75.tmp, 0000000B.00000003.2274364063.0000000002511000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xmlrtedsaBSI.exe, 00000006.00000003.2115665410.00000000035E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  https://analytics.apis.mcafee.com/saBSI.exe, 00000006.00000002.2616174087.00000000035EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://sadownload.mcafee.com/products/SA/v1/bsisaBSI.exe, 00000006.00000003.2600499936.0000000005BF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000003.2235464437.0000000005BF1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000006.00000002.2623979179.0000000005BF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1532785
Start date and time: 2024-10-13 23:27:18 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 51s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 52
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
Detection: MAL
Classification: mal56.rans.bank.spyw.evad.winEXE@78/858@0/12
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 90%
• Number of executed functions: 134
• Number of non-executed functions: 199
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, SIHClient.exe, conhost.exe
• Execution Graph export aborted for target SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp, PID 1468 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Skipping network analysis since amount of network traffic is too extensive
• VT rate limit hit for: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
Time | Type | Description
17:28:50 | API Interceptor | 9x Sleep call for process: SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp modified
17:29:25 | API Interceptor | 2x Sleep call for process: avg_antivirus_free_setup.exe modified
17:29:30 | API Interceptor | 8x Sleep call for process: avg_antivirus_free_online_setup.exe modified
17:29:55 | API Interceptor | 2x Sleep call for process: NortonBrowserUpdate.exe modified
17:30:12 | API Interceptor | 155x Sleep call for process: cheatengine-x86_64-SSE4-AVX2.exe modified
22:29:49 | Task Scheduler | Run new task: NortonUpdateTaskMachineCore path: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe s>/c
22:29:50 | Task Scheduler | Run new task: NortonUpdateTaskMachineUA path: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe s>/ua /installsource scheduler
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                              • v7event.stats.avast.com/cgi-bin/iavsevents.cgi
                                                                                                                                                                                              MDE_File_Sample_c7da8e8d530606f98d3014dbf9ce345b0d07dd48.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • v7event.stats.avast.com/cgi-bin/iavsevents.cgi
                                                                                                                                                                                              1.1.1.1PO-230821_pdf.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                                                                                                                                              • www.974dp.com/sn26/?kJBLpb8=qaEGeuQorcUQurUZCuE8d9pas+Z0M0brqtX248JBolEfq8j8F1R9i1jKZexhxY54UlRG&ML0tl=NZlpi
                                                                                                                                                                                              AFfv8HpACF.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 1.1.1.1/
                                                                                                                                                                                              INVOICE_90990_PDF.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                              • www.quranvisor.com/usvr/?mN9d3vF=HHrW7cA9N4YJlebHFvlsdlDciSnnaQItEG8Ccfxp291VjnjcuwoPACt7EOqEq4SWjIf8&Pjf81=-Zdd-V5hqhM4p2S
                                                                                                                                                                                              Go.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 1.1.1.1/
                                                                                                                                                                                              No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                              No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserCrashHandler64.exe | Lisect_AVT_24003_G1B_127.exe | Get hash | malicious | PureLog Stealer | Browse |
 | SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe | Get hash | malicious | PrivateLoader, PureLog Stealer | Browse |
 | SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe | Get hash | malicious | PrivateLoader, PureLog Stealer | Browse |
C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserCrashHandler.exe | Lisect_AVT_24003_G1B_127.exe | Get hash | malicious | PureLog Stealer | Browse |
 | SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe | Get hash | malicious | PrivateLoader, PureLog Stealer | Browse |
 | SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe | Get hash | malicious | PrivateLoader, PureLog Stealer | Browse |
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                          Size (bytes):7854
                                                                                                                                                                                                          Entropy (8bit):5.497436798881579
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:dgezvRyzSIgzSzXReJ7aY7jMgDwzgs+Bd4C/Q/Bp:djvkzezkXRo2Y7jMgDBBd4C/Q/Bp
                                                                                                                                                                                                          MD5:32F96851241E16F68A0B8967AD32E88F
                                                                                                                                                                                                          SHA1:52A48001A5C3AFB711C5E8F9EF5A8636185BDACB
                                                                                                                                                                                                          SHA-256:CCAF237407886C8BFAB2348640A41DFF83FF3D943887F204928C67DEFE1BFE30
                                                                                                                                                                                                          SHA-512:75D9AB20D42EEE1D639EC92E4EC4E8265D6F88D7DBEC85B7834D4C9E01CFB32D7A395832C036042B151D2E70DBB2B68AF748A7EF1B35DA91BAD2FDC55C4EECF2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:...@IXOS.@.....@..MY.@.....@.....@.....@.....@.....@......&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..Norton Update Helper..NortonBrowserUpdateHelper.msi.@.....@q....@.....@........&.{F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}.....@.....@.....@.....@.......@.....@.....@.......@......Norton Update Helper......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{717B7059-A988-492F-AF1B-DCF70BE809AB}&.{469D3039-E8BB-40CB-9989-158443EEA4EB}.@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]$..@......SOFTWARE\Norton\Browser\Update.............................................. ...!.......?........... ... .......?...................?.........................................8......................1.?l.cL<.P...b....~z................. ... ...................$.N.......@....'.&...MsiStubRun..#0....RegisterProduct..Registering product..[1]......C:\Windows\Installer\4
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):28
                                                                                                                                                                                                          Entropy (8bit):3.5566567074628233
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:XVTKlUv:FTj
                                                                                                                                                                                                          MD5:B9EA04357667FD46353CA3E48F346261
                                                                                                                                                                                                          SHA1:CB35A329D04D990B937CB8C6C49ACC8D80AD45A3
                                                                                                                                                                                                          SHA-256:FDF34D3C6716526200DFC4F81AD1CB1BFDA51EC9DB20C2C0E7CDD08C179A6DE3
                                                                                                                                                                                                          SHA-512:5B07BA516C030BD3689F21939A2EEA417B603A9FA8BEBCF4D9BAED190B67E7784F1A0458A022450F5DDD99F6D9913BA45D2EB1DCE4E011842A5CB33B3695C93B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:28 mtime=1686233326.3398783.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):383232
                                                                                                                                                                                                          Entropy (8bit):4.3682050352007735
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:iPfhJk6XlsbrElrmPARuDnQe09E32yIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AD:cfYKsHKmz+K32OTixcvcDwn
                                                                                                                                                                                                          MD5:1694092D5DE0E0DAEF4C5EA13EA84CAB
                                                                                                                                                                                                          SHA1:894F3E31CC3666728F2D7A8DB6840D4726843DE5
                                                                                                                                                                                                          SHA-256:A178FFAD4526B68BA0106032D612164004F20F08B8EF7FDF986429A1CF7708A0
                                                                                                                                                                                                          SHA-512:882A9392507BF0E089952F17E2F40DB0C5E1C52C6A6F5C7CDAD61DEDAF1AF734F23C317C0DA77A980D6ACC38E169302E1B024AD393BB730851786146BC38E17E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                          • Filename: Lisect_AVT_24003_G1B_127.exe, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious, Browse
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):404480
                                                                                                                                                                                                          Entropy (8bit):4.403596063022666
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:Pzfvhld4VAmlAfFUtxsIKGNGdyIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAA9:bvhP4VHlAfFUYdOTixcvcK
                                                                                                                                                                                                          MD5:09621280025727AB4CB39BD6F6B2C69E
                                                                                                                                                                                                          SHA1:A6F3796A310B064D1F2A06FAA9B14C4A104506DA
                                                                                                                                                                                                          SHA-256:77B695E9292A10A98C3FC1D25AE05C44FB18A54D74A473D4497B840C8BA94DEA
                                                                                                                                                                                                          SHA-512:CBA5DAB19BDEAFC4ECA223A4858B566E3AF21FD690F4F6971864C519D284AAF5A3DF70B98AEB5FABC66A68E515505B203B0BF1C61ECB92070E8E30A92BDA6FAC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                          • Filename: Lisect_AVT_24003_G1B_127.exe, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: SecuriteInfo.com.Trojan.InstallCore.4086.7598.27088.exe, Detection: malicious, Browse
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):440608
                                                                                                                                                                                                          Entropy (8bit):4.477495049012643
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:TjbidjsOQe3H/lqa8ggDemWSzuwJWwqjPpiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBv:ytqa8VxJMReTixcvcF4fZNVw
                                                                                                                                                                                                          MD5:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                          SHA1:B267CCB3BBE06A0143C1162F462839645780D22E
                                                                                                                                                                                                          SHA-256:66E75EA8A3641E419D5226E062F8F17624AFBEE3D7EFD1D6517890511E7111D9
                                                                                                                                                                                                          SHA-512:512F2C2BE5EE5F61F31719344CD20DD731898C5B63F6E1ABDBFC81821533D93AE06C96F256AC1196E9F457A927C4AA61C35D00B45181793547FF3B6670866CCA
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):384296
                                                                                                                                                                                                          Entropy (8bit):4.381583745540333
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:Vvs32BUKqsL6FBqrk0z3M+82nOiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAn:Bs3Uq+2qXnOeTixcvcGLNI
                                                                                                                                                                                                          MD5:A86AD7C0E95907CBA12C65A752C02821
                                                                                                                                                                                                          SHA1:26EE2DF5A6A47FE976AF1592B20BCBEBDAFFC4DB
                                                                                                                                                                                                          SHA-256:4E596090A150EB2B7478A42B7A2287EB8E0C80ACF2776AA7A55DFE9CC5013718
                                                                                                                                                                                                          SHA-512:62D869B8FEC28D10EC6A1B78B6F92555B0DBA2E92BAC203C569CACCB30B1BB33128346C158A04262271D43D09AB0ED207B99A19354215D5A8907FCA01B654C60
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):438592
                                                                                                                                                                                                          Entropy (8bit):6.45992761938075
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:/iooQx+F24u9wHXNiOc20bNcooY50EkY:/mQUkyiOc20ZcW0Er
                                                                                                                                                                                                          MD5:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                                          SHA1:69D5E69DDF4132FA2A5AE8B8B36CE047E560A476
                                                                                                                                                                                                          SHA-256:B2DAA382D892FEDB01EE0FC960671A96C1D21C663F1883D800F70D72FDD13F91
                                                                                                                                                                                                          SHA-512:A484F13F5427B20623BC0451BD223C0D89EDA0B0789749B46F2981CD7818A0D795B2868840E5BB9A0C6C8020939D085814A6BBBAAE4425B2F0C398C913F246DF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):755696
                                                                                                                                                                                                          Entropy (8bit):5.78064070271127
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:W7HWEcC7f+bctMN8hnPTscowfOTieHsgX+:W7HWvbcNPTJowfOu2u
                                                                                                                                                                                                          MD5:5174340282DD8A0FF39480395F5BC5D8
                                                                                                                                                                                                          SHA1:08100AB4E019A149CC484BDA66CCC5C28DC2D2ED
                                                                                                                                                                                                          SHA-256:C78E5106DEBB7D891A9B3DF684EDE2DA295B8E7B595F899CEB8400786A627EC6
                                                                                                                                                                                                          SHA-512:8B2A3DB0DEE98435F2C5ACF8DE8617FE72ADD9155F3AF491CDFBE6770346DD31CAD387D3E2877E3E5332117A30D08DA428CBF9C7E3C72C6E6E486F4626BFD1AF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):3.710330368678027
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                                          MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                                          SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                                          SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                                          SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):384808
                                                                                                                                                                                                          Entropy (8bit):4.377706577325397
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:zvMP2ZEKysLSFBqr80w3M+D2nKiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAW:bMPMy+eqLnKeTixcvcjLNm
                                                                                                                                                                                                          MD5:C9824519E8613D8B4CAD44060069C19C
                                                                                                                                                                                                          SHA1:8D253977D0236494471FBFDAA6AB3EEF1315AC15
                                                                                                                                                                                                          SHA-256:11F3E42F19333E5917E7DB62FA8E7F966EB9624E86711E413AA43284B8D03244
                                                                                                                                                                                                          SHA-512:0F2E11E11C1C8D477EA8C2C6C70D24484AE913CC1FC785E945141BD035745914CA307D67BDEC3A45D443BEBEDDB536A910E4E1F2A285AA807217576262AE4D21
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1910576
                                                                                                                                                                                                          Entropy (8bit):7.58137479903026
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:hbGcPcWSOwiGJ+aKznZOqbU3tFKU+9wOKXd9AVjrr:xGGcWSYGJ+94iU3tIU+qOs
                                                                                                                                                                                                          MD5:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                                          SHA1:EBD3E4A1A58B03BFD217296D170C969098EB2736
                                                                                                                                                                                                          SHA-256:2A97CB822D69290DF39EBAA2F195512871150F0F8AFF7783FEA0B1E578BBB0BA
                                                                                                                                                                                                          SHA-512:1B204322ACA2A66AEDF4BE9B2000A9C1EB063806E3648DBAB3AF8E42C93CA0C35E37A627802CD14272273F3F2E9BC55847DFA49FC6E8FFB58F39683E2446E942
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):384808
                                                                                                                                                                                                          Entropy (8bit):4.377540113876844
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:A3sX2IVBI6XgpbbreB3Hu9+323+iIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBU:qsXTIgmbl3+eTixcvcXbM/H
                                                                                                                                                                                                          MD5:1B7BD9F313FC670D5DFC1EDFEEF50D0E
                                                                                                                                                                                                          SHA1:F95F0DB0E6392022D314EFD14F9B4D542D2DF3C2
                                                                                                                                                                                                          SHA-256:968A9AE84C45CF635CAB1F50843CD970FAE0BDF3F7837FE26D7D64C8E3C0A837
                                                                                                                                                                                                          SHA-512:232FFA2890FC3504EE8D2DECB80603B5873C8AC9E8F92D09E3E4BE7AFAE7DD88121CD176F5C487BB59809B577705F226B7C63D8743CBE4FCEABFECD429D765FD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):561456
                                                                                                                                                                                                          Entropy (8bit):6.89287156869539
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:Yfpc+D07/a7PLl5FibVV1e80fe7KM7DhphezIhSMXlLSGvYOO:ID0KcVV1e8IkKM7DjhezIhSMXl+onO
                                                                                                                                                                                                          MD5:A400B5A4A3CA4745149ABAA4C58FAB2D
                                                                                                                                                                                                          SHA1:D8BC7CF9735E4A6958FEB7079A505BD1C4516F24
                                                                                                                                                                                                          SHA-256:89515235500904C8BD34844D4C71F2707750BC5E7C48AFD3409B012EB5A1E544
                                                                                                                                                                                                          SHA-512:2762EE517E08FEBA6345521ADF6C516352B672882DB2A6D3220F2A62A60EFB6CB2DD2AB04BDC20A60092A5922A4B7C83484C8FD3FAAC3BA817A4BDE84D23592A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):719056
                                                                                                                                                                                                          Entropy (8bit):6.672324901238704
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:X+vBHtQ7iF5WOFQYOupOwoH6LztpMQV/t9WQF2FiWurraKlIDn1LGNGho44v+aXx:X+5HnQYOAR7WGtZhezIhSMXlgIv
                                                                                                                                                                                                          MD5:56464A7270CDE8F1EFE3A4DF0C7FBA88
                                                                                                                                                                                                          SHA1:3B857008BDB409DAEF3441C656C0CA09B283F80E
                                                                                                                                                                                                          SHA-256:85FBCDB8D8FF254D35664000529BC1FDE00427B624F806E6A2CF839AD7332698
                                                                                                                                                                                                          SHA-512:A0E7E8C45129E44D775DBB3DE53D72F17EA17EBDCCA89C0C69B56FB6AD3694227466452387378F915241390769BDF42B5E58D104C8C1839915878DD698F30CDF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1707520
                                                                                                                                                                                                          Entropy (8bit):6.329347716504747
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:Lpkb22RntN0ttjsz1srDlmsmTKmTyuuNV:Lpka2Rn0ttjsQlms7
                                                                                                                                                                                                          MD5:5F2D68D3FDAEB09AE78622A5AE59FCE0
                                                                                                                                                                                                          SHA1:D959C2A9E03C0C4017682C5F48EB1BBD84DD796E
                                                                                                                                                                                                          SHA-256:F2AF299BE74EBBFD19BB476D66BDE4D55BFB571004B6349EB5EF1971955F683F
                                                                                                                                                                                                          SHA-512:D0F9BA99DF9153A8487FD0C4A3F81C0138AEABAAED9875A8E175531E2BDF18F7B89AE14CF52BF7F546B3B5076B87080096D5C15558B9BD16A44585C0C0171C54
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                                                          Entropy (8bit):4.850152460164065
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FR/vRi4k4+R2T35Jy0Wp2xPxh8E9VF0Nyme:FlIZJQy0WsxPxWEc
                                                                                                                                                                                                          MD5:72E47A3D3E835B08D1AE65D4F69F77E0
                                                                                                                                                                                                          SHA1:7F086000901CF2518C35E1734EA1ED9E10DE369C
                                                                                                                                                                                                          SHA-256:FF74207E5107DC2DA38AAA4DE10BC8EA83FAECB2BCA0BF985A7E5A6B427643C0
                                                                                                                                                                                                          SHA-512:02124755B52423CF734C6CC28AF44FA7F8DC79EB4E9E475208FB6591AA2317A149B7EFC0E5E7A3DFBAEB9CDEF9ED69084C45DB6221003DE69D6AD1B45B9C09CB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):42944
                                                                                                                                                                                                          Entropy (8bit):4.835542008183028
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FruDM3lkCAu+JGPpHJy0W5m2Pxh8E9VF0NyhAd8:FUSlkCAd2y0WPPxWE7C
                                                                                                                                                                                                          MD5:A37370A759932400EED7EAEDDBB482CE
                                                                                                                                                                                                          SHA1:638E51217F7DF449D41067AB3135D5912517B858
                                                                                                                                                                                                          SHA-256:F183305C17D1C06C3006816E1BAD733599E977C1207332799399CEBCBDC7DF20
                                                                                                                                                                                                          SHA-512:9FAD66444C544519FF4898DEE7772923DD0708A27422D02475715E9F1B10C058CBDD8B4C53E8B0E25F7B0CC4B967DD33AD4A36BF21A4099699F87B69FEC4DD97
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                                                          Entropy (8bit):4.8691314938087595
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FsBzeydckieGZBOcuUFjJy0WgXTPxh8E9VF0Ny6gIBb:FmLVEDNfy0WQPxWEkDR
                                                                                                                                                                                                          MD5:01F941A4B83FABF16E5BC21100B69D38
                                                                                                                                                                                                          SHA1:AB6E4B97F90CF44CE6463E96FC97BAFBFDD750AC
                                                                                                                                                                                                          SHA-256:79E3DA0E23396DABF17FDC7850D84BE5BFC7D6C7E27D6A83EC2DD3537CDE8912
                                                                                                                                                                                                          SHA-512:DAAD8ABF022623447EFB08B1B931F52F2328587FE3FED0D510D036E72CC0F293C8584D10F63EF3268768E93C75018CDF4D4128BF863D517B432EB758570C8EA1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                                                          Entropy (8bit):4.936222804071481
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F0aapGvUx7tYF7qWF0FrHF6rjbmBwRbooJy0WNRuyZPxh8E9VF0NykWri:FWsrBF0FrFnBwZy0WT/ZPxWE6
                                                                                                                                                                                                          MD5:663E632846D59788FCEB10677488AEBC
                                                                                                                                                                                                          SHA1:D55E88C98121FCEFF9D290E48982B7B4F2204BAA
                                                                                                                                                                                                          SHA-256:1DFC05748521BCCA9C4BB71E2F02E2FA52B657D0F8DB1747BC9B4B27997A60D6
                                                                                                                                                                                                          SHA-512:13F29325EA1C5055B4F344B7B43B52E754D3C1645263F0168F8936D26B98EB5E352E1F1DAFD68E99DC88A6B976A23BD0BA2DC1A73AC27186B8B5F742A18C8C09
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                                                          Entropy (8bit):4.655403186782661
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FTYiIP42ArzVuJG4bPl7aJy0W3kPxh8E9VF0NyVhQ6:F6Q2ArBuhoy0W0PxWED
                                                                                                                                                                                                          MD5:EC63069EFD260AD24F218AE84882F3FF
                                                                                                                                                                                                          SHA1:5875DEFDF669CC4747C4F68536E9117DE2BD4A53
                                                                                                                                                                                                          SHA-256:BC60127E50FA8E89422966554F1E9319A0E0DD750525812463E0560E48D92FBD
                                                                                                                                                                                                          SHA-512:13D4FE8F6227C54EF928CAE48F8B2854218DA04174B60D70BCEE410C248AD2CFA974402093A795AE275C5F4CDCECDD9426B50FCDBC3F0F64B6F0B0D9BB06EA2F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.69656607023198
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FAthlsBWpKJkbYAA+fjoDJy0Wim+FPxh8E9VF0Nyy6:Fwb+y0Wt+PxWEs
                                                                                                                                                                                                          MD5:0FCE99454CFCC351D251FA0E9EA77840
                                                                                                                                                                                                          SHA1:7B9575192E105B4CB724F51238A2E5E956A76425
                                                                                                                                                                                                          SHA-256:8DD39E95CD3515398AED12677DB59D71C0773588FF927A6A782A3BEFCF5B1F5D
                                                                                                                                                                                                          SHA-512:61AA083B1C5E2EE9DE23C9BB14B25DEB71A3E6F962495542F83F8D068D5046722D287A7EF5247217FA5EA712572B0EEEADC1B2B3263CB70C061648FED030CEC2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.656501839350111
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FIq7uqfNnwtpY6PSKpJy0W/s0UEjPxh8E9VF0NykMR3nD:FLHnwkOdy0W0lEjPxWEqq3D
                                                                                                                                                                                                          MD5:D6F44DC235F838BF4E52165182FC0969
                                                                                                                                                                                                          SHA1:1EAAD935A6FF147ACBB041397B9E9D63B0EE1270
                                                                                                                                                                                                          SHA-256:8883FD2E7810EB9C4DA66888BC548074FE990AE652CE59A053CBD25E39AE08DB
                                                                                                                                                                                                          SHA-512:20792C1D1E1C174EB86F72BA92F83A92C025DEBF68DB2BA9E3C9346FE4ECCEAFE0F94BE62706CB8D16F8A6529A9358A4FC8A189B22178E501B654A1D4F6952A8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):47080
                                                                                                                                                                                                          Entropy (8bit):4.647516797051505
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FjmAR6HUj8gtdF0Me39ADEZoJy0WwymPxh8E9VF0NyaBB:F6ojeMe39APy0WwPxWEc
                                                                                                                                                                                                          MD5:42B89B0A42B907D63FE680AEDD8B32C7
                                                                                                                                                                                                          SHA1:2B36C8BD041331D835DD897AD5FFD29E41ABC52C
                                                                                                                                                                                                          SHA-256:E1B6FA1ADC79ADD6CE803DFAF4CE5D5E4DB70EED08223C4EAA381CF0EF55C62A
                                                                                                                                                                                                          SHA-512:539D3B51BF450BFB80FD90D52E8A8C2BE077ED39F3E3657FA21DE4B65E391144AFB80CE6C57AEF340EC67821EBA3A886B2E072F7D64152119187ED374B5A73C1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                                                          Entropy (8bit):4.945276126044921
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Fkwaa8EpeILkSIrGCSqlIxRFiAhAu8zBdfsBsTbV234sJy0WRiDEPxh8E9VF0Nyg:FgCplLO+R5U/+y0WoDEPxWE1
                                                                                                                                                                                                          MD5:CB574CC86D8FD65185E9C93547D9B98C
                                                                                                                                                                                                          SHA1:1271590C4BDED66D5179B1820E9F66C243DEBCDE
                                                                                                                                                                                                          SHA-256:7AD4C02B86EFEAC6E068CB0A47D50FD305C2306D71D1BB9812BE9F712597FBDF
                                                                                                                                                                                                          SHA-512:E170E7A987646CFC71D9A18FF7119DAEA7AD9C57040C4BD131F86499F663328E9A82240F130699AC10F9D2DDC04154C6D2661A32D768E98B40A0472698E31C3F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.636317941438334
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FR/vElagyh6QuXCA702Jy0WEwRPxh8E9VF0Ny9+W+Eh:F9gagyhiX9y0WFRPxWEjaE
                                                                                                                                                                                                          MD5:D73F4E5F97B987B8CC6403909C3E6242
                                                                                                                                                                                                          SHA1:0A7075A927333557161BCDE22D08C35FF7636425
                                                                                                                                                                                                          SHA-256:30CD762237C21B6FBA4E0B165EBAB83A997C093BB088A3DF56CEE400F5946439
                                                                                                                                                                                                          SHA-512:F7B561BCA0F7DBA8BEB19EA4E2B041766FCEBB940776ABD4C79E561ED0997E6D8E3F27927E5DAB6F03CD45ECEFB568BD872DC67F456BF19881546B51DE955B13
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                                                          Entropy (8bit):4.6565699525229025
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FbRnyUEagyWmpRjy+Jy0WXyDPxh8E9VF0NyYIm9:FbE5agyWqby0WGPxWEm
                                                                                                                                                                                                          MD5:2059F62477F33F9943DCE5DB380F09A1
                                                                                                                                                                                                          SHA1:62300C5FA2465D535D77B9D378BE7039CE32A234
                                                                                                                                                                                                          SHA-256:CA0F11FE6BCD7CBD9897F73A0B5208C49779B298A2DF260CE084912AE73E5C66
                                                                                                                                                                                                          SHA-512:AEC61BB34B79A6666E8EAF56372D049F184F02894B8425FAADAB9C4A2E812BFECF250FE561CB92FED2F3B965735BC2E7E97904C2667241A840611C0F4E0C768F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.646030612051221
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FI4fk8AqfN4imEDMaJy0WG6sPxh8E9VF0Ny2C4:Fdk8TfN40xy0WiPxWEIv
                                                                                                                                                                                                          MD5:E4A1B678F8B6FAB9034EC4657F1D264C
                                                                                                                                                                                                          SHA1:4ACCEDA598F41B7FED6EC58E65121D0A37256638
                                                                                                                                                                                                          SHA-256:FAF3E79C113E5423DC0C2308FEEA2B1F1D8A5AFA1BB2D9AFCF4684DAF4B6CA95
                                                                                                                                                                                                          SHA-512:2F0E1015224B255535ECBC3691E4F96A6885DC59CDDFBADCA160DA9A45C6BEF2C24AFB6FB3057FE7144E739AAB54F6BAB936A9EA59450411B8E02B318E495B3F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):47080
                                                                                                                                                                                                          Entropy (8bit):4.630177626115215
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FwNCID1Nz518DNQJy0WEnKPxh8E9VF0NyON:FbIxNN1SAy0WlPxWEo
                                                                                                                                                                                                          MD5:5F9A8F94E5B85C41CD81F88119D04F30
                                                                                                                                                                                                          SHA1:D5DAC5F57002A1B43B0A83EADC9D2627492505B8
                                                                                                                                                                                                          SHA-256:AC2418963CA15734DE3135131C1BDA03D7E602034DFCA75F8D11BCA47B577AB9
                                                                                                                                                                                                          SHA-512:A9BA94B650BFE076584D1F465B293F49C9DDFEF747EF51B728FB4988391874542F8029BF4699B304132C8B96A29F29935A213102F3A8EBD3086C54BE6ED86388
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.645463686029905
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F3EEy0TbDFbDZETJXTSQ8QjGJy0WizPxh8E9VF0NySS:F9j96dHYy0WWPxWEE
                                                                                                                                                                                                          MD5:9BC3B29E68A70E0DA276D2F80D5609DF
                                                                                                                                                                                                          SHA1:DA3DA32BCA70E64D461B2B7F25C0FB1B0B4B5A0D
                                                                                                                                                                                                          SHA-256:19BA49FA519608B6955018FB8B77E39D1356EB1817A8993622F8565322C14CFA
                                                                                                                                                                                                          SHA-512:2781E997A4F3C92DE141F14250098779307513F4E7C4D493F40341B6A4FDF09671E6FC64781D2AF38B5F19FB8CDF9C2EC03A5724B291F8D279FFF952AD3DD3D2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                                                          Entropy (8bit):4.845272670813686
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FqrH4OZNIY5pihSQJy0W3ZPxh8E9VF0NyFxn:FO7cy0WJPxWEj
                                                                                                                                                                                                          MD5:5089CC134B762C266A2D935DA3C8334A
                                                                                                                                                                                                          SHA1:E4D142E7B12A64B396E83698467900209B2345FE
                                                                                                                                                                                                          SHA-256:1D68B46775921FDE73E30BD0DEA980CEE5D7ACB191DF2D91E16E934400609B20
                                                                                                                                                                                                          SHA-512:3A551EFDCC0C0D221EB8BF883EA5312C77FCAEFED6D1EB412351B63945DE9F905F2968C21DBEAD7634E180742DF668F8D1A5A2DBF1EE2C4102AC51291B7B1C3C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.6596573287160785
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FCcrgPnEzPhXY7R799hKh1GAm/RnVJy0WhhHPxh8E9VF0Ny9rrlR:FLinEVmNgiy0WDPxWEvf
                                                                                                                                                                                                          MD5:5BAB01B758FCB17579A8AAA3ED7A6787
                                                                                                                                                                                                          SHA1:53800C375AA17BB906ECA53548FA70191AF221E8
                                                                                                                                                                                                          SHA-256:874E4BD71B4604929D88E50D673D52A1A1BC6AFA78C244DD642BA20F302F3E44
                                                                                                                                                                                                          SHA-512:05C5936FE09642E71FF8A8ADE4F4F2283B67E8EA79B58C856008DE14CB7BA1163EDFE54B16E517CFF1354693792627B1CAF45D8F0BE5A3D563B9592A4711D4BF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                                                          Entropy (8bit):4.640479522161056
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FUJKU7UNPli+B3RVaw7ykIIjyC/zaJy0WLnaPxh8E9VF0Ny4S:F72U9li+B3RVawW3WrSy0WbaPxWEG
                                                                                                                                                                                                          MD5:17F5249CFB6519985F90655B8D802117
                                                                                                                                                                                                          SHA1:2A09E55A2FD07214DAF47A331B6CDDFEA543141A
                                                                                                                                                                                                          SHA-256:2362F65816A9D66D94E1B3B4BCE49D2E967B5C92C9326321107A84AB811ACA1A
                                                                                                                                                                                                          SHA-512:0EE92E8D81A4E6988F1D2315D5E2AA78629EE142E38D6F104F5115FD983CC3E98142E88859DBCA879315A6843A8AE65B26C507AC4EF25D3B11293551C0B90DAD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                                                          Entropy (8bit):4.662517782893104
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FM1NdxA98EoIcpW4xq9aJy0WbiA4Pxh8E9VF0Nyko9hl:FadOaIcNjy0W2tPxWECah
                                                                                                                                                                                                          MD5:FA87C9DCCA6C104EF4B31FA398150A98
                                                                                                                                                                                                          SHA1:22A7F252994BD2C99ACA4F1C544BA1E88A249F4F
                                                                                                                                                                                                          SHA-256:0B5678F58A8F8C8619D0940D981B40971F8B42028EDBB2FA845731C747D3B567
                                                                                                                                                                                                          SHA-512:FD918AC8E95A7CB33CFCC141ED25F1D5848497BF3645F912FCDBEA64A1BAD1ABB440248E2F56E1C7D7BA8AFE4D3B44D83FEB8C759970203F5CBA147737F4C3B1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                                                          Entropy (8bit):4.923122510985089
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F0Uc/d3UTeAV4DzYCQ+fwmkIjkiJy0WpJ84nPxh8E9VF0NyZEdgnV:Fm1UTe7VbRy0WpPxWE/V
                                                                                                                                                                                                          MD5:E9C9B0BAA58684779947F9DDAC85E83A
                                                                                                                                                                                                          SHA1:FE70F8278CF6594D111BB53E0059F1C023AEDCC0
                                                                                                                                                                                                          SHA-256:19154A82982A69B588B8A89AC086E80E515B05704899E1B8CA7AF3DE460568F5
                                                                                                                                                                                                          SHA-512:41A03F1FA4242E5297F3D4FD18911B64AB1D31E529C964A7A5327E3B8C1389BD1F9CE4EA5A444D64B36808D908BF663235DA81BECA3145049257E258E483FBA8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.8817065986468595
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:Fc6qx6AN6Aaqxzxm8qRXtpqCGay0WKLPxWEE:Fc6qMX31LPx
                                                                                                                                                                                                          MD5:282452593ED4C14AA8AD486698BCBB31
                                                                                                                                                                                                          SHA1:8CF912912503649E440E632CEA6B4427A0B1102E
                                                                                                                                                                                                          SHA-256:CA151F677D1D9ABC95C708726B3D04C62AC7C7836ED9B875C5B1F7D67BC4F75A
                                                                                                                                                                                                          SHA-512:9FC0A8FC7641A104B3976F37421DCBA2083878DA535B3662A6FC1F697CEF5108D1715BA618806CAD4E74B13F2E2AAEA10090937F1BD13CDCBB9D8EF7141CFFE2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.6636431303483
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FZitIPeVOXz19zzMH5KBL/yoiGgJy0WXfjjPxh8E9VF0Ny6/R:F8I+5oL/xwy0WLjPxWEs
                                                                                                                                                                                                          MD5:85D54C0B73692E53C5B8657ACD189EF5
                                                                                                                                                                                                          SHA1:907D142F69B742F7DE5F8738325C7CAE9CA06ECD
                                                                                                                                                                                                          SHA-256:4BAD5B8F0372FC19E9414F997B2CF713D81F48FEC6238CDBEFA65CF138E9F5A9
                                                                                                                                                                                                          SHA-512:3B1B2792237EF8F6143644FF54D25E7BC95ABF1C89291B0B1BB16DE4C8CC00B7DCE18510306BC94C19CA2BEB33472CCF4DB2976D508E817F06A695F4FB4F6345
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.688666100525905
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:FfG7U7RPX1C2TycfBwGFTbeSTZ46931lBVZpjqAy3FGVsTsy0WMNPxWET:FfG7U791C2TzpwGFTbNZ46d1lBVZ5qAV
                                                                                                                                                                                                          MD5:EC0EAC7B38E7B4FB9F4F3E97CED70502
                                                                                                                                                                                                          SHA1:8A21DEADB00C4A23ED0EF2728C5EBE6D58D8E93C
                                                                                                                                                                                                          SHA-256:D083015F17E68E2304A2F4C9A130BF2891A1B3545DCF35E3E6367276BC8FF1C9
                                                                                                                                                                                                          SHA-512:43E7EC301C8E4E7259B6038EC5F17C52C27B64CAC69511B6325B50B949F56A782312D28D7264BF4469D3A48FCB73DE831DE0FB388735E1928774742B0D0E8383
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.639484979051941
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FpZ0+vL3THRxVkAHqIaHQRf2I95yrUdGqPfpJy0W5C0NnPxh8E9VF0Nyoum:FEWfqgbfzy0WnnPxWE+L
                                                                                                                                                                                                          MD5:351FAB792600FABBB172E0EB3308A6CD
                                                                                                                                                                                                          SHA1:A9BD979F85AC2EE04B63A6F0A266EFA64318207A
                                                                                                                                                                                                          SHA-256:FCF17CCCBD9988C121B3754DE7234B3041B7FE83C763A364AFD043297C780745
                                                                                                                                                                                                          SHA-512:1C3F626FEF266DA6E8FA5737ECA5CF089150C7CCE2B990ED9F75B2757B509CCB0D15DD38B8CCFB05403C35DDD24745A2105D098B4855E951F987EAD934FC2552
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.658477005342536
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FOKL63eZkioif2lIPaAjYkUVQFoMUefV3PONJy0WBDPxh8E9VF0Ny6xL3:FouyibAIibkUVQF5UefV3iy0WFPxWEU
                                                                                                                                                                                                          MD5:85BCF7664BAE9ECB72C8480214FAE669
                                                                                                                                                                                                          SHA1:172FFCD25B4956AB674C008BA1BC6796FDBA11DF
                                                                                                                                                                                                          SHA-256:45F41E8D25867AB8C2EF78B866FBED4A201CD451713AEFED27A1E6C4E550FE88
                                                                                                                                                                                                          SHA-512:5A92ED998134963A7B76B44A5C6CA8F248BDBB13AFADDC72A5AD1915EC22C98415387295AE2E08209E1BFD866EF878BBBCCF9759C4442DB98340DFB6345B77E9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                                                          Entropy (8bit):4.6324666300251005
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FLEXOjrIN+sah3MO/Jy0Wt9zIjoCPxh8E9VF0NyTKF8b:Fq2IN+P3Jy0WzI/PxWENw+
                                                                                                                                                                                                          MD5:B85708D2C23D44CAC26488C1ADCD676E
                                                                                                                                                                                                          SHA1:195D94B76B8D31976ED804DC79ECEE120BCCF6D3
                                                                                                                                                                                                          SHA-256:DF621055A085663B147DBFD1F54961A7F4299E7714A69541CAC6E2A8DB17CDA4
                                                                                                                                                                                                          SHA-512:83CBACA8F28F4855685365477B008993F00477C006B931B6413BA4FCDE89010B8BDFD0F4DBEEBF864802931BC95CFBDE7DF3D17CAB40D45661AF0B15143D78AC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):42432
                                                                                                                                                                                                          Entropy (8bit):4.854173056599383
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FB3XBjD2r9v7hdVexaDyQa/f8sS+9GmJy0WJd1w4DPxh8E9VF0NyYok7o:FCFNMrSQy0WTZPxWEym
                                                                                                                                                                                                          MD5:05AAEE6122E3534C4ABF3B3D95E6EAAA
                                                                                                                                                                                                          SHA1:D17CEECA35099A36BD99CC017A603B4F486D9FE0
                                                                                                                                                                                                          SHA-256:C7292A8852AF042741E768702611672C3CB51E6291A3856249FF240CF5D238A4
                                                                                                                                                                                                          SHA-512:A58EB20DDCE03517804A80C536DDBD7866263A68D362AEBC9F7991B81ADF62069CBD39582A88F06F125DBC666EA5CA07C95CA36763B72FE22C6784A64F9CD8EC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):41408
                                                                                                                                                                                                          Entropy (8bit):4.883723947959775
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F/RouMWEHjkgWDMNGJy0WUqcPxh8E9VF0Ny1nB:F9HEDkgWiey0WkPxWEXB
                                                                                                                                                                                                          MD5:F88EF38633AF35044AD10C3400990BC1
                                                                                                                                                                                                          SHA1:B605DA6DB49B5C7648912DBBDC17CD0CC70D7B11
                                                                                                                                                                                                          SHA-256:9975AE9DF9F8B81C50DCCD0E95D5AAF279F7991071D09E05DC9F622E5497EEF8
                                                                                                                                                                                                          SHA-512:D7BE229D8E65A47CF119AF62FDB6720D6A2C9263AC69B6AFA3FADB1BD79EC273D4B0842C73722B629BED0204558933BB108C1A156478E485A5304B39A9EDDAC4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                                                          Entropy (8bit):4.954692594620765
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FQdMeRW2As8RBSBRPfetJy0WYhupRPxh8E9VF0NyHZ1GF:FX/swkOXy0W+YPxWElrG
                                                                                                                                                                                                          MD5:56A3857ADD97B0AB7C19D551028545C2
                                                                                                                                                                                                          SHA1:10F0A5B7A2FBE9221C133529B8A5E0B36B421C4A
                                                                                                                                                                                                          SHA-256:30B0A74E6F825986E8794911FCFCDA4131B505BB0B5E93BECB098CC1BBEE8D1F
                                                                                                                                                                                                          SHA-512:83C846FA62A0AB70AB07B57927F4F53305949A14E942DB8398E6C90769B47894BC9BCB4E3FB9748173A492C43FF5849E4CAF59FD5242757C0DCF7664EB05E522
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):40896
                                                                                                                                                                                                          Entropy (8bit):4.911833136088746
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FCJcEWZFDd4IY+N1vZsYoRHgA12MrlxB4xRkkTY1M5tkOe+VjJy0W7VPxh8E9VF4:FUlWXmmAq/jveoy0WxPxWEu
                                                                                                                                                                                                          MD5:16454F5496343F3383905BEAD12F3388
                                                                                                                                                                                                          SHA1:1F38F482A2957A5E19BCA744C13A8931E4AB73D7
                                                                                                                                                                                                          SHA-256:4ADDF9F4A52596B37878C3CDEC55F962632272E6C81E4BE75F52C824CBAA840D
                                                                                                                                                                                                          SHA-512:4D77D9102583AB084BD7BEE4345202CCA3F7AD1D9A307BB4486A38ACFDAE4F878908E411E1FC92B3CE08F284E3BD8C6DBF321A8F19592ECA7CBD257C413139C8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.677692678096642
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FGqI1qXnc9eHz0CwTF1B+jF2Xw1KJy0WFEPxh8E9VF0NyO/dz:FOackHz05TF1YjFmy0WuPxWE4F
                                                                                                                                                                                                          MD5:E0DA28606791E47FA9B7D50F3637FA65
                                                                                                                                                                                                          SHA1:00DF626C1C14D57DC0AB1EFCCFC3CA0B700F3F26
                                                                                                                                                                                                          SHA-256:FB4C1B85935F88E2215CCA897993AFDE01740A36429B1D515905AD42A5F9FA5C
                                                                                                                                                                                                          SHA-512:9795261821859668D22D63086EC0A6D034043859229138B7899A862DDD6317754479B5D53ABC24895BF91A4370C4648EA9CBED1858E4F44992C6C498090DB1C1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.703009692113209
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F4sqvepyAxOeKdeccQJy0WZy8Pxh8E9VF0NyISi:Fw8fey0W08PxWECz
                                                                                                                                                                                                          MD5:C8802E1E924F5CA936D967BE9FA5DA69
                                                                                                                                                                                                          SHA1:31FC7A8BCE71548AA52D0BBB877416BD3B647D98
                                                                                                                                                                                                          SHA-256:92CEC5B3CF76DBA98E62A750EACDEE2BC871364133A4C76CDB1E8AEFCB702BC0
                                                                                                                                                                                                          SHA-512:4289AAC7A6B5AC3EC0BC767612965D9F9386C832B6F98D44D245CB45D6239C620E7FFC0EBD47793C9014CBAB9B0BD56A6467191806841DA17059C3FE45E2F217
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):48136
                                                                                                                                                                                                          Entropy (8bit):4.926909967496055
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F/TZz4S1BzFZygd8/JLosSJy0WucSjPxh8E9VF0NynYWq:FrR4ISJLgy0W/SjPxWEFY
                                                                                                                                                                                                          MD5:16F9F18C873FB7C00F08917F1AF83EB3
                                                                                                                                                                                                          SHA1:0FB99CC388FE54D5AA875F79E65A0A73E99D9323
                                                                                                                                                                                                          SHA-256:E6F74C212F2E8EB4163C2DDAE84F488B73DEF9CE886340F4A9AF6864978D859E
                                                                                                                                                                                                          SHA-512:799209ABEC146B52F3EB5C4D5AFC3DC6482A3B0CFB21C1F1F876BD87D1014E7079AE694C12A80D4660063D9C3D309E9028B4A90887572BCB848B5ABC21AB7317
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                                                          Entropy (8bit):4.898551846960824
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Flbeoedw/7JK7bABYlNpJy0WfWPxh8E9VF0Nyq4D:FAlw/7JK7b9jy0WePxWEU6
                                                                                                                                                                                                          MD5:B44F9C9DCB53514D6A496C3506F74DBB
                                                                                                                                                                                                          SHA1:1DC610693F782D08E3D6985351C298A61AE40614
                                                                                                                                                                                                          SHA-256:430FEF5E3BC821188BFC9A180334495B92CB0E8D8C7FA0CED774031D9A7FC8B6
                                                                                                                                                                                                          SHA-512:B7C9E4F838BFEF2B781D3871455D7B850135B8FF97FC1968E49BC2AC0B0B1F33DA759AD34F8E43D858A0971F8C2DDCA51925A5A65061E5B90DC4505405DC5748
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.652027629630858
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F546L/TKrQLtUv6oNpaAYjZZ/fbMgTRlRE/5nJy0W8g/Pxh8E9VF0NyNDA/XV5:FVw+f3TFAy0WH/PxWEXDiL
                                                                                                                                                                                                          MD5:8E1DC4C71BC03D10ED3BD2293B6C3A21
                                                                                                                                                                                                          SHA1:6649BCDF0D137AFFA4CA983135FE5EBE3336A495
                                                                                                                                                                                                          SHA-256:0C0B827C7ED352F5FC376B3F2F2064CA7A27828907BE77C66585CC457A769F16
                                                                                                                                                                                                          SHA-512:AB785D0FFA1F7FA7754254905752366B9BE7B592248DFCF036B087A2EAD07E112228B4D36B954DAEFF2ADB24A0566A9552168BC3FE7FCC5E4DF0E56A95B8042D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                                                          Entropy (8bit):4.64263735417891
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FUdjv7nGXd/T32SPxLLJy0WGT1+Pxh8E9VF0NyazyEH70:FwGtKqNy0Ww1+PxWEU
                                                                                                                                                                                                          MD5:9DAD72B74700EEE3D33603BFFF9E1F98
                                                                                                                                                                                                          SHA1:5C9DE57CFD021549D6B34AE225E44BF0BFD662CB
                                                                                                                                                                                                          SHA-256:6BDEF62FBFEB7B054E17F463C24A878F537EFFC82F8E3CF96D977265E44F2659
                                                                                                                                                                                                          SHA-512:DDF30DD81788173FB0332B548C40A03B9BBD1B32074C54C36150D7AD64AA7DF5974A8FE6D2155E17E22A505F66DFC54147E7B9F88B644EC0F573ACBCB61992CE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.660574455025035
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Fio75JZSiyCSiyVKwRAYSTv4q6K3Q5PacJy0WlxjPxh8E9VF0NytvuLK:FWhCYWv6K3Qby0WbjPxWEHGLK
                                                                                                                                                                                                          MD5:EE0889163C7A670DD81A3E05D52EE458
                                                                                                                                                                                                          SHA1:A7A834305FAC8F75B1556234F5C0381623B29984
                                                                                                                                                                                                          SHA-256:E1960E7A05427B85D79F60F8A163A68CC29C6011A87521DCDC00B1F1A3D8B606
                                                                                                                                                                                                          SHA-512:679C4163ECE96C888D3B72926A1BD710C444A07290E60DEB274A7426B7850826650F3CAEF4338639881526F1C7FE179C12AF671C13BF24BB5E67052B37F23D88
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.699948735964885
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FuwzJhn7KZHCCN08Gp6WDgxTJy0WppKPxh8E9VF0NyKNky:Fb7y3+yHy0WqPxWE8a
                                                                                                                                                                                                          MD5:4C826E19B27FC31A8141C1735A3A093C
                                                                                                                                                                                                          SHA1:E74FA47D26AB8A2C45E6DB2DB94E27FB84FA6437
                                                                                                                                                                                                          SHA-256:421DDAAB31E480790E5989E145C050010959E629702E3187870C12E451278A92
                                                                                                                                                                                                          SHA-512:0AC44BD5A24B05D49B08ADFCD53C7C5A45D97E8798A854AFDF9BF374438F657C56255C690BDF0837EA154ACB71DF83D0DF1491DEC7D5D4DFB9FE272AB507C593
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.66752824702996
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FGTbq/Zc+GZX8aF8zQJy0WCJ65Pxh8E9VF0NyL5:FuCFSy0Wk65PxWEd
                                                                                                                                                                                                          MD5:C5DA26E0E296C4C1666BF60B0CE16911
                                                                                                                                                                                                          SHA1:93D4C57699BF8AA981E3EBF8B33992F2CA45DE75
                                                                                                                                                                                                          SHA-256:5A04FEA91640E065F67F1427F171270CE769CB3E2155F340834C935783AAC634
                                                                                                                                                                                                          SHA-512:E6175D639071FD13F00ABB0C2B1876387899158CB824182783710C1177E18B5E02B18B70C0CE91F32F1367F8CA5C92F1E8D1F98BA6918D7312BD6ADE56D9FABC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.646340111209961
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FVEK+wstFNEx6ewBIiI2XhJy0WQGSPxh8E9VF0NyC2nEm:FVUMx/ULry0W0PxWE88N
                                                                                                                                                                                                          MD5:1ADDBCF6719F81E880737EF30CA89BE5
                                                                                                                                                                                                          SHA1:043C046AA3420339067C6DDFFBA253393057B0A3
                                                                                                                                                                                                          SHA-256:9E229B99EC1725BA355B7F905A46BD4C7D15DAE3A7FA5CF54A8C199B6BB572BE
                                                                                                                                                                                                          SHA-512:6931634D5096C236930FD4CA3C850D9DA325010DE96D99A7C26EEB9E7153DA7F4D3203F7D332820DE5F4D045296CDDBF9890EB6D157E27E82C46AA098EB6ECF7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.668533720243672
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:FTnC1yNbMUB251BRHc871nDtCsy0WK4PxWEr:FTeBRHnRDLJ4Px
                                                                                                                                                                                                          MD5:0802BEFFB8CC1942F450403A83DAD91A
                                                                                                                                                                                                          SHA1:6BFE6CFCFDB789FE15365AD39AC60D7CFA782C31
                                                                                                                                                                                                          SHA-256:A15770A440E09967BBB25E4B8B326AE2596DD80F483CE12AA21678D0DBAD9233
                                                                                                                                                                                                          SHA-512:6F960C168536251F871F1FD3EB6E62AEA407DF0FE3218EBCEBEEE2CD5B3DE0675CDD874253F3259776B9338FFB9B6B4C608E769E21F9847C25600E3769B303BC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.876003031420293
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Fm5y4uF44vKAvHdho4d283lmJy0WR22dPxh8E9VF0Nyvdz:FtZvHsFy0WnPxWEJ
                                                                                                                                                                                                          MD5:722B3E9E83D16481C12B803537F72AF3
                                                                                                                                                                                                          SHA1:D245E7A40305CFCA26A9EE4B95CB7C1859EBBDB8
                                                                                                                                                                                                          SHA-256:F44BBD97D7B300262AB1F9D4C918B3B980D41419E91669B04E36756A5683974D
                                                                                                                                                                                                          SHA-512:4A5A6DCF554C97885DA2632850CE380A7371264F78D0E268E34690E6820CDC2B7B671F7055709DD92A77291FF618FC9619308B89D4D7920F46CBFDE284FB00AA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.69456859037089
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FpXaHdicuh+PiR6gLTPB2wJy0WELPxh8E9VF0Nysz9:FpQqjRjJy0WKPxWEy
                                                                                                                                                                                                          MD5:F8796BBEE22813BE0658163260FADA1B
                                                                                                                                                                                                          SHA1:F0AD54100A996E41011D9FFBE084CE7681299C9E
                                                                                                                                                                                                          SHA-256:8EE1C8984C63767959CD2ABC99BDBD860DA47B9D4B762982E045764F2FF56FE0
                                                                                                                                                                                                          SHA-512:8D9D3168D4D4A7E50AB856D3BB87CDABA5609B809BF0BDB9BFF00D7FD925B4AB750FA19DD9FD44131B46C72F87852D1FFC76144DF3F3CA450A0E173BFCB3C76D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.657549160186828
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FuqToeST0shVyixlk5TpWBdf1i2IXouscM89Jy0WrTpKPxh8E9VF0Ny2WW:Fhv4lk5y1YZsAy0W0PxWEYP
                                                                                                                                                                                                          MD5:A7B4B48A39BFD0C344FE3D41545B76C9
                                                                                                                                                                                                          SHA1:B28B71015E1A3710F1C042291D398C6119FD48A7
                                                                                                                                                                                                          SHA-256:C828237E6C4C8623F1F2E9598A62936769355EE7BEA317460CE645CC7AF1D911
                                                                                                                                                                                                          SHA-512:1D15AA6913E32D7200055F8B29ADD8E5A2C4A9070B9CD906788E4DBCC5F5BD5FBC14E47805A051569AE51792C0065F8ED6F9414E968D466418B10056C0A541DD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.872942179610346
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FWPbqSW7ixHUjY13tGPJzJy0WEtqkPxh8E9VF0NyBF:FKqOUjudGHy0WwPxWEb
                                                                                                                                                                                                          MD5:799B04C0C9700BAED67AE3AF641B8946
                                                                                                                                                                                                          SHA1:25050A1D302F6F3BAB291FAF07C7AFB147BD6992
                                                                                                                                                                                                          SHA-256:A77EC067351FEEB80B8F8375C98F993360CB52B7C5F90DA90A8C9A08CD544E5F
                                                                                                                                                                                                          SHA-512:D3D15D4BB99EB167040A319BA56797F718DA3FAB1CDF131E290F5A9A03876C9F41705820EC52E55686DE7FD5B1969ED7896888A2358FD41DB3588EBB63ECD58D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.664578663662526
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F9a0GdxC7vc3ELOlJy0WcCDJjZ2Pxh8E9VF0NyP+/o:FRAxCDc3Eyy0WsPxWE9c
                                                                                                                                                                                                          MD5:CA50F99E4418798ADDA414C81118C2B5
                                                                                                                                                                                                          SHA1:2F24E7B5C81DF67236C1A692E3FF4091D10907F5
                                                                                                                                                                                                          SHA-256:C055262DE24BBC07462232258CB082C6E6D5FF1502CE2909B9CDA46CD27ABF75
                                                                                                                                                                                                          SHA-512:83C199505517CCA36FB86066C73DAF9C35611A5E58EEAD3F49AFF1631DEEB188CCBE7B671439CACC0904B3CDF9A7C8EAAE0CE371AFE14F4ADFD5D042D31D2C7A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                                                          Entropy (8bit):4.694492393037756
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FnHdpqgicgiY7upv4M5IOyAeJy0WXaQPxh8E9VF0Nyz1R2:F9QQ07Gv4M5My0WJPxWEh10
                                                                                                                                                                                                          MD5:1DC167C856FE15596A907B56A5451F38
                                                                                                                                                                                                          SHA1:6803F563B7F78C6D7133FC1D2C6126EEA1D9FEBF
                                                                                                                                                                                                          SHA-256:E31B4E78C820A17124669D3A2B56C2373FD2C21BC5F0E87565C0AE8B5307E236
                                                                                                                                                                                                          SHA-512:18FDE8537E95411C9814DB12E780CA7AD4E6756A97F2CE05CC30653E2C4F3735BD09AF6D2F9C23BC6ED5DB09231D8070E1025738B8C0B32214E217CBCD250A13
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):47080
                                                                                                                                                                                                          Entropy (8bit):4.948448659499415
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Fd08e0wcY51ZLm+4Lw3OTJJy0Wn+EsCLePxh8E9VF0NyK9Qm:FX5fY51ZLm+4Lw3wy0WXs+ePxWE8p
                                                                                                                                                                                                          MD5:F2827506727689200C75B134AF3A81B7
                                                                                                                                                                                                          SHA1:701B606A684B30BFA376F4F244582FF32BB9E6CF
                                                                                                                                                                                                          SHA-256:8831BDCD00FE1055E32CED62DBC3437612EE704FD331DF35D8ADF4450C95D3B6
                                                                                                                                                                                                          SHA-512:3069C2BFBE34E27A4309843B79585F89C44D0949F1EF51C3FBB79A91310CA8C8C9373E603E356AE1DA575A7D60A056FFAA2742AC356248A30C00BAB02B2AB680
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                                                          Entropy (8bit):4.900098776782017
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Fxfyhq1o45Z4aJALD61VJy0WVDPxh8E9VF0NyEc:FshGV5yaaLDiy0WFPxWEu
                                                                                                                                                                                                          MD5:C6A338676486B4405CBCFFD9E95B6DFA
                                                                                                                                                                                                          SHA1:6B7E2FE7EEDB08B289FC4DAB01BFB1EC648EC416
                                                                                                                                                                                                          SHA-256:EA52171A1BA9D431C9E4E99DB45EF64D5AAD5C224A80A731BBAC428D626360DC
                                                                                                                                                                                                          SHA-512:08C73FB7DAA69E6D7F5E3A23D1D5761EBE158A7863CC754F80EF7CEB57100E2337819F6733203121C85FB898002660298BD8B9221D96E5B1FA3D96CC22D05406
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                                                          Entropy (8bit):4.898585189301246
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FAcYp+lrGsMKNMAcetNebrJy0Ww+w8Pxh8E9VF0NyHS2t:FaglrGszNMJetNmy0WttPxWEdXt
                                                                                                                                                                                                          MD5:921A76FC57260B64D56F85651968A802
                                                                                                                                                                                                          SHA1:DE76CBF4AEECB954EB67937D57FEA4D053AAA89B
                                                                                                                                                                                                          SHA-256:CE33AD0DBA4BEC40377B9ABFED4EE3C03CF1F159DB500F95366C377F6FE49664
                                                                                                                                                                                                          SHA-512:62BC3D4395562561A52E0A387454C631ADDE175AFDDAA3DE6084E0B55D89538AC49D3A7AC04EDDDB1E4013862AF9C3706D40EAF249443598A16B5521852DE00C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.710217028647626
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:F0Jp9ABk6qXQEdmvgh57GE+G9Ahrx++BzQSXjy0WebPxWEC8:F0JZhdmva7GESxLQK7fbPxt
                                                                                                                                                                                                          MD5:5BA91381EEAE1785BA89FC890808C7A9
                                                                                                                                                                                                          SHA1:CE3CD4E4007837F3A8D1629AA9366A0FAF4B2792
                                                                                                                                                                                                          SHA-256:B6B7B4A056D3449349BD0981B48AD1DCBC32AA5B41C4FF9B680F994D540744EF
                                                                                                                                                                                                          SHA-512:E8325BD2E545D322AD9627F6B631402A3868612B407C4F84CAD0B3C834EA0EA5D4ADF5DD88B7D539BC231B4651A5F2C0BFF1FC1D843005B1C96A56BB249D2DF0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.886468370762969
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FNUVbL1KgHWyC2EeEWNXE/GfuyziJy0WlUPxh8E9VF0NyJTgk:Fy31luhy0W+PxWEH8k
                                                                                                                                                                                                          MD5:65C37B9914F7786AC7E3C3584C8F7A62
                                                                                                                                                                                                          SHA1:3B2D785698F96CC92A6AF481283406657FFF65E0
                                                                                                                                                                                                          SHA-256:9945A40CD5E0075A55A6691717D8A59C98BD85AE84E938041DD6EF5427A88B0A
                                                                                                                                                                                                          SHA-512:5005A480EA3243F8232B44BA091A66227AC10CA51219B9915923B7C394538BD498B33062C1E88316BBD84CEBBCDEF80B901014A8A595DED29BDDDF2F85904308
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.8564330106913625
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FmQE7wL2A+OmAcoWu9OeeZyYGdJAAJy0W5ySxPxh8E9VF0NyVQcVfC:FkE2A+OmAcoWAOeesYRQy0Wg+PxWEXV
                                                                                                                                                                                                          MD5:CBAFB9B9B8760B0C3DBC3F0216C7513A
                                                                                                                                                                                                          SHA1:0A28C2BC915B06C549DDADD8A31FE0A912090155
                                                                                                                                                                                                          SHA-256:5E7C4916662FED930983ED046FF7DEF877F10D5375C510653C37A985BC547531
                                                                                                                                                                                                          SHA-512:5FE40E9A820C46055B0E9934C5A8BC2E43BE90396436CD076752696C8576E2212D0A5D15F4C149866FC68500410727C1D30A6F1EF55ABDC0CF96DEA2F2BB3AC8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.771867334398084
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F+SM5fQghFjncDyv4Jy0WAWBQHPxh8E9VF0NyDff1R:FzYfDhVc5y0W3OPxWEh1
                                                                                                                                                                                                          MD5:C34505DD2FAE316B795AE2D1E934AFB0
                                                                                                                                                                                                          SHA1:864A67B9017573DD438AE321210ED720C454184C
                                                                                                                                                                                                          SHA-256:0AF644546C66B952795B0A7D05AFCCFE87E9D572073C99F8CDCF146EE5705857
                                                                                                                                                                                                          SHA-512:00B2FDCFE24CD17C7418E471BEC762F235669E0DB35D05D2023E155D0B543F65BA1115450D01FC5D02177AAA2CDAF10CC640506E6CEAB716F0C4F2ED44D7767E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):38816
                                                                                                                                                                                                          Entropy (8bit):4.841517965818435
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F5xjPSJshAFBMHwzJy0WKGPxh8E9VF0Ny/NU:FrpAFBTy0WvPxWEJa
                                                                                                                                                                                                          MD5:2BE99DBDE29BAB1363E5848B84362E23
                                                                                                                                                                                                          SHA1:3149C9598CE3CB29EA0E756C9E12DCECB8628283
                                                                                                                                                                                                          SHA-256:B5927FB9699C79D77B1D49F322BACE29801776CCEE4F91EECAE00F04F6431396
                                                                                                                                                                                                          SHA-512:44E66C99747F6857883585653894F333B638A4A19AEBD1C9CEF6D264064EFAFD7A77FDED06F5F5C14F0E489E2555D17576EE3152E347CC74B8BC7E5741F3A5A8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):38816
                                                                                                                                                                                                          Entropy (8bit):4.854603942594096
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F++/JutGmmBdcJy0WsinPxh8E9VF0NygBjY:FNATy0WjnPxWEKK
                                                                                                                                                                                                          MD5:2667B44345F8C493F41C9C65B2B40B70
                                                                                                                                                                                                          SHA1:0969DC5411520E3FDC242D6D1F5289DC69218526
                                                                                                                                                                                                          SHA-256:3BEE374E97F8C0A2EDA5A6509CBFE21B4DC3BB9E0CAC62CA908F8EB049A3EFEC
                                                                                                                                                                                                          SHA-512:8D746F5AA6A21EC1FBB05E35554396BCD0E017CED7D65409D721B75CC4DB04FE7FA944F4122C1BE1E6AEF47E1DEADDF444A943BF9D5632E906BE123013B85ECA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):519152
                                                                                                                                                                                                          Entropy (8bit):6.796206581178465
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:bcP2nPG96akIIm7D0W1IK+K2XaTPwKwJIC:AP2n+96WD0vWoaTYKwJ
                                                                                                                                                                                                          MD5:6B3F50DD9E9D077CD50902BF1B79427C
                                                                                                                                                                                                          SHA1:32B57A6452CABF75DC4162EE026D396A13933955
                                                                                                                                                                                                          SHA-256:9CC9D08D8E71D15E15D32B2A5DE58766A7DBFFEA37F476A739A42231C26A2777
                                                                                                                                                                                                          SHA-512:5856C0B791F93E4DB5C0950568C45BCC3D132466661B7A9C1B85C21ADBEA91EB5C9744E67F5CF2877F934DA3C278550D7FDE294A6CAEAFC634CBCE71DBA40EC4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):396216
                                                                                                                                                                                                          Entropy (8bit):6.6364472604888975
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:n4bSrQpVFWtouGV7AstKS4rHICzoHz25HxPqJKCJAOFbr0uY6ckgOdi:qSUpVF64XsS4rHIC7qVJz0eHLi
                                                                                                                                                                                                          MD5:8648A09E9EB09453D7153101E25F8FCE
                                                                                                                                                                                                          SHA1:B55B5E28317A5F1452BCBAC2704747B3DC4483D3
                                                                                                                                                                                                          SHA-256:BE8DB74FBEF1CD2EEE7C2A8957B33634913EEA9CBD20B1E875B95878BBFBC42A
                                                                                                                                                                                                          SHA-512:57BFF27A142062691507B1D99AB8086FACEFC3A211484B97281964F615F2C5259760622FA83155F4198BB48E3D2B54795B4E316D9156C293939D318ED959CDC4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):521784
                                                                                                                                                                                                          Entropy (8bit):6.353157166068969
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:lcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0ToohzmVj50ZfxA6ckV:bnSgciKFK/IMakZvvClDE0TooU10xH
                                                                                                                                                                                                          MD5:29991826BE3385C3A92B49F672F92026
                                                                                                                                                                                                          SHA1:9F16C72BA044E378167F631C41CE1B3D818E0806
                                                                                                                                                                                                          SHA-256:7FCEBD4FF83566305500F9BFDD342EB57C502B427A12EF281092FAB94E142827
                                                                                                                                                                                                          SHA-512:F525CDF3EA0B77CCA0475433E6DF3A577F76479C0B6BECCC0B41A147D9372A4BA8586D84FB0ADC5660A4BC28359DACCBE76691C604748AC56991210E344D748F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):396216
                                                                                                                                                                                                          Entropy (8bit):6.636012823818412
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:S4bSrQpVFWtouGV7AstyS4rHICzoHz25HxPqJK7JAOY1r0Oc6cOgOdi:dSUpVF64XMS4rHIC7qIJW0ypLi
                                                                                                                                                                                                          MD5:737520D5A13D92E1210CBFFFC64C109D
                                                                                                                                                                                                          SHA1:F6677A3AA960225DBE682678289FBFFE4AF3C9CC
                                                                                                                                                                                                          SHA-256:6A59B47E916C73C046D604956A050CC5AF9A0C96D1DAE51CD8ABDEE17F273085
                                                                                                                                                                                                          SHA-512:89BD770D565553ADA2123CAFDBCB3443E5B304BF0D0EE901CE2DE0E7C6245B08162F2FE39C7FCFC1A7908105A3A00DF3BD8DD3EA0CE13F96C91DAF21EAE2155B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):521784
                                                                                                                                                                                                          Entropy (8bit):6.352828173572569
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:ZcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0Tooh/RYD50Zfx86cSAj:HnSgciKFK/IMakZvvClDE0TookV0xr
                                                                                                                                                                                                          MD5:4FBD1394EEAA4D5F7BD66AFDC6FA088C
                                                                                                                                                                                                          SHA1:8D09DC6A9C06A8B549273BF121E7D3D41E8929CC
                                                                                                                                                                                                          SHA-256:7A9F75B840515009ABDA7BCA9372C97C5514E32D0324A2D01A7FE377A3889762
                                                                                                                                                                                                          SHA-512:089160F6D4AEE7A1C6C550F256BF52573A71E8CDCBFF19AA829618DC1D29B772288CA76A270001DA09B19BFA175DC20829607F9C3035C672D2289550927371F7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          File Type:POSIX tar archive
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11550720
                                                                                                                                                                                                          Entropy (8bit):6.033044964444277
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:98304:+aEmBopka2Rn0ttjsQlms7+oWD0/v+lzP+5ItO04rq7D0S8zpWwRFh4rH5EaFh4l:SpF2Rn0ttjt7+1I0RQcmiGYTGLB
                                                                                                                                                                                                          MD5:0E16371DE9A96CAA60FFE3CCAFBC8343
                                                                                                                                                                                                          SHA1:DFF8071D944CDE352DE9F34CCFE785F7DE1C3C0B
                                                                                                                                                                                                          SHA-256:9DAB943357DBFEBD3F2AC522D9C4565E90EB8428A01248F7F1D68BFB75B5A416
                                                                                                                                                                                                          SHA-512:28D6C511392E06CD0A4EB19573DF78A0E12215253D36ED10BB84AD70203A9204C1638AA836BD57AAD036D2BA6D31AB5F827AC60F81A1F4C26B89C56B25FC49CB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                          • Rule: PlugXStrings, Description: PlugX Identifying Strings, Source: C:\Program Files (x86)\GUT7F2A.tmp, Author: Seth Hardy
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):383232
                                                                                                                                                                                                          Entropy (8bit):4.3682050352007735
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:iPfhJk6XlsbrElrmPARuDnQe09E32yIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AD:cfYKsHKmz+K32OTixcvcDwn
                                                                                                                                                                                                          MD5:1694092D5DE0E0DAEF4C5EA13EA84CAB
                                                                                                                                                                                                          SHA1:894F3E31CC3666728F2D7A8DB6840D4726843DE5
                                                                                                                                                                                                          SHA-256:A178FFAD4526B68BA0106032D612164004F20F08B8EF7FDF986429A1CF7708A0
                                                                                                                                                                                                          SHA-512:882A9392507BF0E089952F17E2F40DB0C5E1C52C6A6F5C7CDAD61DEDAF1AF734F23C317C0DA77A980D6ACC38E169302E1B024AD393BB730851786146BC38E17E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):404480
                                                                                                                                                                                                          Entropy (8bit):4.403596063022666
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:Pzfvhld4VAmlAfFUtxsIKGNGdyIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAA9:bvhP4VHlAfFUYdOTixcvcK
                                                                                                                                                                                                          MD5:09621280025727AB4CB39BD6F6B2C69E
                                                                                                                                                                                                          SHA1:A6F3796A310B064D1F2A06FAA9B14C4A104506DA
                                                                                                                                                                                                          SHA-256:77B695E9292A10A98C3FC1D25AE05C44FB18A54D74A473D4497B840C8BA94DEA
                                                                                                                                                                                                          SHA-512:CBA5DAB19BDEAFC4ECA223A4858B566E3AF21FD690F4F6971864C519D284AAF5A3DF70B98AEB5FABC66A68E515505B203B0BF1C61ECB92070E8E30A92BDA6FAC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):440608
                                                                                                                                                                                                          Entropy (8bit):4.477495049012643
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:TjbidjsOQe3H/lqa8ggDemWSzuwJWwqjPpiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBv:ytqa8VxJMReTixcvcF4fZNVw
                                                                                                                                                                                                          MD5:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                          SHA1:B267CCB3BBE06A0143C1162F462839645780D22E
                                                                                                                                                                                                          SHA-256:66E75EA8A3641E419D5226E062F8F17624AFBEE3D7EFD1D6517890511E7111D9
                                                                                                                                                                                                          SHA-512:512F2C2BE5EE5F61F31719344CD20DD731898C5B63F6E1ABDBFC81821533D93AE06C96F256AC1196E9F457A927C4AA61C35D00B45181793547FF3B6670866CCA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):384296
                                                                                                                                                                                                          Entropy (8bit):4.381583745540333
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:Vvs32BUKqsL6FBqrk0z3M+82nOiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAn:Bs3Uq+2qXnOeTixcvcGLNI
                                                                                                                                                                                                          MD5:A86AD7C0E95907CBA12C65A752C02821
                                                                                                                                                                                                          SHA1:26EE2DF5A6A47FE976AF1592B20BCBEBDAFFC4DB
                                                                                                                                                                                                          SHA-256:4E596090A150EB2B7478A42B7A2287EB8E0C80ACF2776AA7A55DFE9CC5013718
                                                                                                                                                                                                          SHA-512:62D869B8FEC28D10EC6A1B78B6F92555B0DBA2E92BAC203C569CACCB30B1BB33128346C158A04262271D43D09AB0ED207B99A19354215D5A8907FCA01B654C60
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):438592
                                                                                                                                                                                                          Entropy (8bit):6.45992761938075
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:/iooQx+F24u9wHXNiOc20bNcooY50EkY:/mQUkyiOc20ZcW0Er
                                                                                                                                                                                                          MD5:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                                          SHA1:69D5E69DDF4132FA2A5AE8B8B36CE047E560A476
                                                                                                                                                                                                          SHA-256:B2DAA382D892FEDB01EE0FC960671A96C1D21C663F1883D800F70D72FDD13F91
                                                                                                                                                                                                          SHA-512:A484F13F5427B20623BC0451BD223C0D89EDA0B0789749B46F2981CD7818A0D795B2868840E5BB9A0C6C8020939D085814A6BBBAAE4425B2F0C398C913F246DF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):755696
                                                                                                                                                                                                          Entropy (8bit):5.78064070271127
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:W7HWEcC7f+bctMN8hnPTscowfOTieHsgX+:W7HWvbcNPTJowfOu2u
                                                                                                                                                                                                          MD5:5174340282DD8A0FF39480395F5BC5D8
                                                                                                                                                                                                          SHA1:08100AB4E019A149CC484BDA66CCC5C28DC2D2ED
                                                                                                                                                                                                          SHA-256:C78E5106DEBB7D891A9B3DF684EDE2DA295B8E7B595F899CEB8400786A627EC6
                                                                                                                                                                                                          SHA-512:8B2A3DB0DEE98435F2C5ACF8DE8617FE72ADD9155F3AF491CDFBE6770346DD31CAD387D3E2877E3E5332117A30D08DA428CBF9C7E3C72C6E6E486F4626BFD1AF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):3.710330368678027
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                                          MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                                          SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                                          SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                                          SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):384808
                                                                                                                                                                                                          Entropy (8bit):4.377706577325397
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:zvMP2ZEKysLSFBqr80w3M+D2nKiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAW:bMPMy+eqLnKeTixcvcjLNm
                                                                                                                                                                                                          MD5:C9824519E8613D8B4CAD44060069C19C
                                                                                                                                                                                                          SHA1:8D253977D0236494471FBFDAA6AB3EEF1315AC15
                                                                                                                                                                                                          SHA-256:11F3E42F19333E5917E7DB62FA8E7F966EB9624E86711E413AA43284B8D03244
                                                                                                                                                                                                          SHA-512:0F2E11E11C1C8D477EA8C2C6C70D24484AE913CC1FC785E945141BD035745914CA307D67BDEC3A45D443BEBEDDB536A910E4E1F2A285AA807217576262AE4D21
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1910576
                                                                                                                                                                                                          Entropy (8bit):7.58137479903026
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:hbGcPcWSOwiGJ+aKznZOqbU3tFKU+9wOKXd9AVjrr:xGGcWSYGJ+94iU3tIU+qOs
                                                                                                                                                                                                          MD5:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                                          SHA1:EBD3E4A1A58B03BFD217296D170C969098EB2736
                                                                                                                                                                                                          SHA-256:2A97CB822D69290DF39EBAA2F195512871150F0F8AFF7783FEA0B1E578BBB0BA
                                                                                                                                                                                                          SHA-512:1B204322ACA2A66AEDF4BE9B2000A9C1EB063806E3648DBAB3AF8E42C93CA0C35E37A627802CD14272273F3F2E9BC55847DFA49FC6E8FFB58F39683E2446E942
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):384808
                                                                                                                                                                                                          Entropy (8bit):4.377540113876844
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:A3sX2IVBI6XgpbbreB3Hu9+323+iIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBU:qsXTIgmbl3+eTixcvcXbM/H
                                                                                                                                                                                                          MD5:1B7BD9F313FC670D5DFC1EDFEEF50D0E
                                                                                                                                                                                                          SHA1:F95F0DB0E6392022D314EFD14F9B4D542D2DF3C2
                                                                                                                                                                                                          SHA-256:968A9AE84C45CF635CAB1F50843CD970FAE0BDF3F7837FE26D7D64C8E3C0A837
                                                                                                                                                                                                          SHA-512:232FFA2890FC3504EE8D2DECB80603B5873C8AC9E8F92D09E3E4BE7AFAE7DD88121CD176F5C487BB59809B577705F226B7C63D8743CBE4FCEABFECD429D765FD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):561456
                                                                                                                                                                                                          Entropy (8bit):6.89287156869539
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:Yfpc+D07/a7PLl5FibVV1e80fe7KM7DhphezIhSMXlLSGvYOO:ID0KcVV1e8IkKM7DjhezIhSMXl+onO
                                                                                                                                                                                                          MD5:A400B5A4A3CA4745149ABAA4C58FAB2D
                                                                                                                                                                                                          SHA1:D8BC7CF9735E4A6958FEB7079A505BD1C4516F24
                                                                                                                                                                                                          SHA-256:89515235500904C8BD34844D4C71F2707750BC5E7C48AFD3409B012EB5A1E544
                                                                                                                                                                                                          SHA-512:2762EE517E08FEBA6345521ADF6C516352B672882DB2A6D3220F2A62A60EFB6CB2DD2AB04BDC20A60092A5922A4B7C83484C8FD3FAAC3BA817A4BDE84D23592A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):719056
                                                                                                                                                                                                          Entropy (8bit):6.672324901238704
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:X+vBHtQ7iF5WOFQYOupOwoH6LztpMQV/t9WQF2FiWurraKlIDn1LGNGho44v+aXx:X+5HnQYOAR7WGtZhezIhSMXlgIv
                                                                                                                                                                                                          MD5:56464A7270CDE8F1EFE3A4DF0C7FBA88
                                                                                                                                                                                                          SHA1:3B857008BDB409DAEF3441C656C0CA09B283F80E
                                                                                                                                                                                                          SHA-256:85FBCDB8D8FF254D35664000529BC1FDE00427B624F806E6A2CF839AD7332698
                                                                                                                                                                                                          SHA-512:A0E7E8C45129E44D775DBB3DE53D72F17EA17EBDCCA89C0C69B56FB6AD3694227466452387378F915241390769BDF42B5E58D104C8C1839915878DD698F30CDF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1707520
                                                                                                                                                                                                          Entropy (8bit):6.329347716504747
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:Lpkb22RntN0ttjsz1srDlmsmTKmTyuuNV:Lpka2Rn0ttjsQlms7
                                                                                                                                                                                                          MD5:5F2D68D3FDAEB09AE78622A5AE59FCE0
                                                                                                                                                                                                          SHA1:D959C2A9E03C0C4017682C5F48EB1BBD84DD796E
                                                                                                                                                                                                          SHA-256:F2AF299BE74EBBFD19BB476D66BDE4D55BFB571004B6349EB5EF1971955F683F
                                                                                                                                                                                                          SHA-512:D0F9BA99DF9153A8487FD0C4A3F81C0138AEABAAED9875A8E175531E2BDF18F7B89AE14CF52BF7F546B3B5076B87080096D5C15558B9BD16A44585C0C0171C54
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                                                          Entropy (8bit):4.850152460164065
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FR/vRi4k4+R2T35Jy0Wp2xPxh8E9VF0Nyme:FlIZJQy0WsxPxWEc
                                                                                                                                                                                                          MD5:72E47A3D3E835B08D1AE65D4F69F77E0
                                                                                                                                                                                                          SHA1:7F086000901CF2518C35E1734EA1ED9E10DE369C
                                                                                                                                                                                                          SHA-256:FF74207E5107DC2DA38AAA4DE10BC8EA83FAECB2BCA0BF985A7E5A6B427643C0
                                                                                                                                                                                                          SHA-512:02124755B52423CF734C6CC28AF44FA7F8DC79EB4E9E475208FB6591AA2317A149B7EFC0E5E7A3DFBAEB9CDEF9ED69084C45DB6221003DE69D6AD1B45B9C09CB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):42944
                                                                                                                                                                                                          Entropy (8bit):4.835542008183028
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FruDM3lkCAu+JGPpHJy0W5m2Pxh8E9VF0NyhAd8:FUSlkCAd2y0WPPxWE7C
                                                                                                                                                                                                          MD5:A37370A759932400EED7EAEDDBB482CE
                                                                                                                                                                                                          SHA1:638E51217F7DF449D41067AB3135D5912517B858
                                                                                                                                                                                                          SHA-256:F183305C17D1C06C3006816E1BAD733599E977C1207332799399CEBCBDC7DF20
                                                                                                                                                                                                          SHA-512:9FAD66444C544519FF4898DEE7772923DD0708A27422D02475715E9F1B10C058CBDD8B4C53E8B0E25F7B0CC4B967DD33AD4A36BF21A4099699F87B69FEC4DD97
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                                                          Entropy (8bit):4.8691314938087595
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FsBzeydckieGZBOcuUFjJy0WgXTPxh8E9VF0Ny6gIBb:FmLVEDNfy0WQPxWEkDR
                                                                                                                                                                                                          MD5:01F941A4B83FABF16E5BC21100B69D38
                                                                                                                                                                                                          SHA1:AB6E4B97F90CF44CE6463E96FC97BAFBFDD750AC
                                                                                                                                                                                                          SHA-256:79E3DA0E23396DABF17FDC7850D84BE5BFC7D6C7E27D6A83EC2DD3537CDE8912
                                                                                                                                                                                                          SHA-512:DAAD8ABF022623447EFB08B1B931F52F2328587FE3FED0D510D036E72CC0F293C8584D10F63EF3268768E93C75018CDF4D4128BF863D517B432EB758570C8EA1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                                                          Entropy (8bit):4.936222804071481
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F0aapGvUx7tYF7qWF0FrHF6rjbmBwRbooJy0WNRuyZPxh8E9VF0NykWri:FWsrBF0FrFnBwZy0WT/ZPxWE6
                                                                                                                                                                                                          MD5:663E632846D59788FCEB10677488AEBC
                                                                                                                                                                                                          SHA1:D55E88C98121FCEFF9D290E48982B7B4F2204BAA
                                                                                                                                                                                                          SHA-256:1DFC05748521BCCA9C4BB71E2F02E2FA52B657D0F8DB1747BC9B4B27997A60D6
                                                                                                                                                                                                          SHA-512:13F29325EA1C5055B4F344B7B43B52E754D3C1645263F0168F8936D26B98EB5E352E1F1DAFD68E99DC88A6B976A23BD0BA2DC1A73AC27186B8B5F742A18C8C09
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                                                          Entropy (8bit):4.655403186782661
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FTYiIP42ArzVuJG4bPl7aJy0W3kPxh8E9VF0NyVhQ6:F6Q2ArBuhoy0W0PxWED
                                                                                                                                                                                                          MD5:EC63069EFD260AD24F218AE84882F3FF
                                                                                                                                                                                                          SHA1:5875DEFDF669CC4747C4F68536E9117DE2BD4A53
                                                                                                                                                                                                          SHA-256:BC60127E50FA8E89422966554F1E9319A0E0DD750525812463E0560E48D92FBD
                                                                                                                                                                                                          SHA-512:13D4FE8F6227C54EF928CAE48F8B2854218DA04174B60D70BCEE410C248AD2CFA974402093A795AE275C5F4CDCECDD9426B50FCDBC3F0F64B6F0B0D9BB06EA2F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.69656607023198
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FAthlsBWpKJkbYAA+fjoDJy0Wim+FPxh8E9VF0Nyy6:Fwb+y0Wt+PxWEs
                                                                                                                                                                                                          MD5:0FCE99454CFCC351D251FA0E9EA77840
                                                                                                                                                                                                          SHA1:7B9575192E105B4CB724F51238A2E5E956A76425
                                                                                                                                                                                                          SHA-256:8DD39E95CD3515398AED12677DB59D71C0773588FF927A6A782A3BEFCF5B1F5D
                                                                                                                                                                                                          SHA-512:61AA083B1C5E2EE9DE23C9BB14B25DEB71A3E6F962495542F83F8D068D5046722D287A7EF5247217FA5EA712572B0EEEADC1B2B3263CB70C061648FED030CEC2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.656501839350111
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FIq7uqfNnwtpY6PSKpJy0W/s0UEjPxh8E9VF0NykMR3nD:FLHnwkOdy0W0lEjPxWEqq3D
                                                                                                                                                                                                          MD5:D6F44DC235F838BF4E52165182FC0969
                                                                                                                                                                                                          SHA1:1EAAD935A6FF147ACBB041397B9E9D63B0EE1270
                                                                                                                                                                                                          SHA-256:8883FD2E7810EB9C4DA66888BC548074FE990AE652CE59A053CBD25E39AE08DB
                                                                                                                                                                                                          SHA-512:20792C1D1E1C174EB86F72BA92F83A92C025DEBF68DB2BA9E3C9346FE4ECCEAFE0F94BE62706CB8D16F8A6529A9358A4FC8A189B22178E501B654A1D4F6952A8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):47080
                                                                                                                                                                                                          Entropy (8bit):4.647516797051505
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FjmAR6HUj8gtdF0Me39ADEZoJy0WwymPxh8E9VF0NyaBB:F6ojeMe39APy0WwPxWEc
                                                                                                                                                                                                          MD5:42B89B0A42B907D63FE680AEDD8B32C7
                                                                                                                                                                                                          SHA1:2B36C8BD041331D835DD897AD5FFD29E41ABC52C
                                                                                                                                                                                                          SHA-256:E1B6FA1ADC79ADD6CE803DFAF4CE5D5E4DB70EED08223C4EAA381CF0EF55C62A
                                                                                                                                                                                                          SHA-512:539D3B51BF450BFB80FD90D52E8A8C2BE077ED39F3E3657FA21DE4B65E391144AFB80CE6C57AEF340EC67821EBA3A886B2E072F7D64152119187ED374B5A73C1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                                                          Entropy (8bit):4.945276126044921
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Fkwaa8EpeILkSIrGCSqlIxRFiAhAu8zBdfsBsTbV234sJy0WRiDEPxh8E9VF0Nyg:FgCplLO+R5U/+y0WoDEPxWE1
                                                                                                                                                                                                          MD5:CB574CC86D8FD65185E9C93547D9B98C
                                                                                                                                                                                                          SHA1:1271590C4BDED66D5179B1820E9F66C243DEBCDE
                                                                                                                                                                                                          SHA-256:7AD4C02B86EFEAC6E068CB0A47D50FD305C2306D71D1BB9812BE9F712597FBDF
                                                                                                                                                                                                          SHA-512:E170E7A987646CFC71D9A18FF7119DAEA7AD9C57040C4BD131F86499F663328E9A82240F130699AC10F9D2DDC04154C6D2661A32D768E98B40A0472698E31C3F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.636317941438334
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FR/vElagyh6QuXCA702Jy0WEwRPxh8E9VF0Ny9+W+Eh:F9gagyhiX9y0WFRPxWEjaE
                                                                                                                                                                                                          MD5:D73F4E5F97B987B8CC6403909C3E6242
                                                                                                                                                                                                          SHA1:0A7075A927333557161BCDE22D08C35FF7636425
                                                                                                                                                                                                          SHA-256:30CD762237C21B6FBA4E0B165EBAB83A997C093BB088A3DF56CEE400F5946439
                                                                                                                                                                                                          SHA-512:F7B561BCA0F7DBA8BEB19EA4E2B041766FCEBB940776ABD4C79E561ED0997E6D8E3F27927E5DAB6F03CD45ECEFB568BD872DC67F456BF19881546B51DE955B13
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                                                          Entropy (8bit):4.6565699525229025
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FbRnyUEagyWmpRjy+Jy0WXyDPxh8E9VF0NyYIm9:FbE5agyWqby0WGPxWEm
                                                                                                                                                                                                          MD5:2059F62477F33F9943DCE5DB380F09A1
                                                                                                                                                                                                          SHA1:62300C5FA2465D535D77B9D378BE7039CE32A234
                                                                                                                                                                                                          SHA-256:CA0F11FE6BCD7CBD9897F73A0B5208C49779B298A2DF260CE084912AE73E5C66
                                                                                                                                                                                                          SHA-512:AEC61BB34B79A6666E8EAF56372D049F184F02894B8425FAADAB9C4A2E812BFECF250FE561CB92FED2F3B965735BC2E7E97904C2667241A840611C0F4E0C768F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.646030612051221
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):47080
                                                                                                                                                                                                          Entropy (8bit):4.630177626115215
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.645463686029905
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                                                          Entropy (8bit):4.845272670813686
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.6596573287160785
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                                                          Entropy (8bit):4.640479522161056
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                                                          Entropy (8bit):4.662517782893104
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                                                          Entropy (8bit):4.923122510985089
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.8817065986468595
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:Fc6qx6AN6Aaqxzxm8qRXtpqCGay0WKLPxWEE:Fc6qMX31LPx
                                                                                                                                                                                                          MD5:282452593ED4C14AA8AD486698BCBB31
                                                                                                                                                                                                          SHA1:8CF912912503649E440E632CEA6B4427A0B1102E
                                                                                                                                                                                                          SHA-256:CA151F677D1D9ABC95C708726B3D04C62AC7C7836ED9B875C5B1F7D67BC4F75A
                                                                                                                                                                                                          SHA-512:9FC0A8FC7641A104B3976F37421DCBA2083878DA535B3662A6FC1F697CEF5108D1715BA618806CAD4E74B13F2E2AAEA10090937F1BD13CDCBB9D8EF7141CFFE2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.6636431303483
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FZitIPeVOXz19zzMH5KBL/yoiGgJy0WXfjjPxh8E9VF0Ny6/R:F8I+5oL/xwy0WLjPxWEs
                                                                                                                                                                                                          MD5:85D54C0B73692E53C5B8657ACD189EF5
                                                                                                                                                                                                          SHA1:907D142F69B742F7DE5F8738325C7CAE9CA06ECD
                                                                                                                                                                                                          SHA-256:4BAD5B8F0372FC19E9414F997B2CF713D81F48FEC6238CDBEFA65CF138E9F5A9
                                                                                                                                                                                                          SHA-512:3B1B2792237EF8F6143644FF54D25E7BC95ABF1C89291B0B1BB16DE4C8CC00B7DCE18510306BC94C19CA2BEB33472CCF4DB2976D508E817F06A695F4FB4F6345
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.688666100525905
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:FfG7U7RPX1C2TycfBwGFTbeSTZ46931lBVZpjqAy3FGVsTsy0WMNPxWET:FfG7U791C2TzpwGFTbNZ46d1lBVZ5qAV
                                                                                                                                                                                                          MD5:EC0EAC7B38E7B4FB9F4F3E97CED70502
                                                                                                                                                                                                          SHA1:8A21DEADB00C4A23ED0EF2728C5EBE6D58D8E93C
                                                                                                                                                                                                          SHA-256:D083015F17E68E2304A2F4C9A130BF2891A1B3545DCF35E3E6367276BC8FF1C9
                                                                                                                                                                                                          SHA-512:43E7EC301C8E4E7259B6038EC5F17C52C27B64CAC69511B6325B50B949F56A782312D28D7264BF4469D3A48FCB73DE831DE0FB388735E1928774742B0D0E8383
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.639484979051941
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FpZ0+vL3THRxVkAHqIaHQRf2I95yrUdGqPfpJy0W5C0NnPxh8E9VF0Nyoum:FEWfqgbfzy0WnnPxWE+L
                                                                                                                                                                                                          MD5:351FAB792600FABBB172E0EB3308A6CD
                                                                                                                                                                                                          SHA1:A9BD979F85AC2EE04B63A6F0A266EFA64318207A
                                                                                                                                                                                                          SHA-256:FCF17CCCBD9988C121B3754DE7234B3041B7FE83C763A364AFD043297C780745
                                                                                                                                                                                                          SHA-512:1C3F626FEF266DA6E8FA5737ECA5CF089150C7CCE2B990ED9F75B2757B509CCB0D15DD38B8CCFB05403C35DDD24745A2105D098B4855E951F987EAD934FC2552
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.658477005342536
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FOKL63eZkioif2lIPaAjYkUVQFoMUefV3PONJy0WBDPxh8E9VF0Ny6xL3:FouyibAIibkUVQF5UefV3iy0WFPxWEU
                                                                                                                                                                                                          MD5:85BCF7664BAE9ECB72C8480214FAE669
                                                                                                                                                                                                          SHA1:172FFCD25B4956AB674C008BA1BC6796FDBA11DF
                                                                                                                                                                                                          SHA-256:45F41E8D25867AB8C2EF78B866FBED4A201CD451713AEFED27A1E6C4E550FE88
                                                                                                                                                                                                          SHA-512:5A92ED998134963A7B76B44A5C6CA8F248BDBB13AFADDC72A5AD1915EC22C98415387295AE2E08209E1BFD866EF878BBBCCF9759C4442DB98340DFB6345B77E9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                                                          Entropy (8bit):4.6324666300251005
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FLEXOjrIN+sah3MO/Jy0Wt9zIjoCPxh8E9VF0NyTKF8b:Fq2IN+P3Jy0WzI/PxWENw+
                                                                                                                                                                                                          MD5:B85708D2C23D44CAC26488C1ADCD676E
                                                                                                                                                                                                          SHA1:195D94B76B8D31976ED804DC79ECEE120BCCF6D3
                                                                                                                                                                                                          SHA-256:DF621055A085663B147DBFD1F54961A7F4299E7714A69541CAC6E2A8DB17CDA4
                                                                                                                                                                                                          SHA-512:83CBACA8F28F4855685365477B008993F00477C006B931B6413BA4FCDE89010B8BDFD0F4DBEEBF864802931BC95CFBDE7DF3D17CAB40D45661AF0B15143D78AC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):42432
                                                                                                                                                                                                          Entropy (8bit):4.854173056599383
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FB3XBjD2r9v7hdVexaDyQa/f8sS+9GmJy0WJd1w4DPxh8E9VF0NyYok7o:FCFNMrSQy0WTZPxWEym
                                                                                                                                                                                                          MD5:05AAEE6122E3534C4ABF3B3D95E6EAAA
                                                                                                                                                                                                          SHA1:D17CEECA35099A36BD99CC017A603B4F486D9FE0
                                                                                                                                                                                                          SHA-256:C7292A8852AF042741E768702611672C3CB51E6291A3856249FF240CF5D238A4
                                                                                                                                                                                                          SHA-512:A58EB20DDCE03517804A80C536DDBD7866263A68D362AEBC9F7991B81ADF62069CBD39582A88F06F125DBC666EA5CA07C95CA36763B72FE22C6784A64F9CD8EC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):41408
                                                                                                                                                                                                          Entropy (8bit):4.883723947959775
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F/RouMWEHjkgWDMNGJy0WUqcPxh8E9VF0Ny1nB:F9HEDkgWiey0WkPxWEXB
                                                                                                                                                                                                          MD5:F88EF38633AF35044AD10C3400990BC1
                                                                                                                                                                                                          SHA1:B605DA6DB49B5C7648912DBBDC17CD0CC70D7B11
                                                                                                                                                                                                          SHA-256:9975AE9DF9F8B81C50DCCD0E95D5AAF279F7991071D09E05DC9F622E5497EEF8
                                                                                                                                                                                                          SHA-512:D7BE229D8E65A47CF119AF62FDB6720D6A2C9263AC69B6AFA3FADB1BD79EC273D4B0842C73722B629BED0204558933BB108C1A156478E485A5304B39A9EDDAC4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                                                          Entropy (8bit):4.954692594620765
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FQdMeRW2As8RBSBRPfetJy0WYhupRPxh8E9VF0NyHZ1GF:FX/swkOXy0W+YPxWElrG
                                                                                                                                                                                                          MD5:56A3857ADD97B0AB7C19D551028545C2
                                                                                                                                                                                                          SHA1:10F0A5B7A2FBE9221C133529B8A5E0B36B421C4A
                                                                                                                                                                                                          SHA-256:30B0A74E6F825986E8794911FCFCDA4131B505BB0B5E93BECB098CC1BBEE8D1F
                                                                                                                                                                                                          SHA-512:83C846FA62A0AB70AB07B57927F4F53305949A14E942DB8398E6C90769B47894BC9BCB4E3FB9748173A492C43FF5849E4CAF59FD5242757C0DCF7664EB05E522
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):40896
                                                                                                                                                                                                          Entropy (8bit):4.911833136088746
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FCJcEWZFDd4IY+N1vZsYoRHgA12MrlxB4xRkkTY1M5tkOe+VjJy0W7VPxh8E9VF4:FUlWXmmAq/jveoy0WxPxWEu
                                                                                                                                                                                                          MD5:16454F5496343F3383905BEAD12F3388
                                                                                                                                                                                                          SHA1:1F38F482A2957A5E19BCA744C13A8931E4AB73D7
                                                                                                                                                                                                          SHA-256:4ADDF9F4A52596B37878C3CDEC55F962632272E6C81E4BE75F52C824CBAA840D
                                                                                                                                                                                                          SHA-512:4D77D9102583AB084BD7BEE4345202CCA3F7AD1D9A307BB4486A38ACFDAE4F878908E411E1FC92B3CE08F284E3BD8C6DBF321A8F19592ECA7CBD257C413139C8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.677692678096642
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FGqI1qXnc9eHz0CwTF1B+jF2Xw1KJy0WFEPxh8E9VF0NyO/dz:FOackHz05TF1YjFmy0WuPxWE4F
                                                                                                                                                                                                          MD5:E0DA28606791E47FA9B7D50F3637FA65
                                                                                                                                                                                                          SHA1:00DF626C1C14D57DC0AB1EFCCFC3CA0B700F3F26
                                                                                                                                                                                                          SHA-256:FB4C1B85935F88E2215CCA897993AFDE01740A36429B1D515905AD42A5F9FA5C
                                                                                                                                                                                                          SHA-512:9795261821859668D22D63086EC0A6D034043859229138B7899A862DDD6317754479B5D53ABC24895BF91A4370C4648EA9CBED1858E4F44992C6C498090DB1C1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.703009692113209
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F4sqvepyAxOeKdeccQJy0WZy8Pxh8E9VF0NyISi:Fw8fey0W08PxWECz
                                                                                                                                                                                                          MD5:C8802E1E924F5CA936D967BE9FA5DA69
                                                                                                                                                                                                          SHA1:31FC7A8BCE71548AA52D0BBB877416BD3B647D98
                                                                                                                                                                                                          SHA-256:92CEC5B3CF76DBA98E62A750EACDEE2BC871364133A4C76CDB1E8AEFCB702BC0
                                                                                                                                                                                                          SHA-512:4289AAC7A6B5AC3EC0BC767612965D9F9386C832B6F98D44D245CB45D6239C620E7FFC0EBD47793C9014CBAB9B0BD56A6467191806841DA17059C3FE45E2F217
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):48136
                                                                                                                                                                                                          Entropy (8bit):4.926909967496055
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F/TZz4S1BzFZygd8/JLosSJy0WucSjPxh8E9VF0NynYWq:FrR4ISJLgy0W/SjPxWEFY
                                                                                                                                                                                                          MD5:16F9F18C873FB7C00F08917F1AF83EB3
                                                                                                                                                                                                          SHA1:0FB99CC388FE54D5AA875F79E65A0A73E99D9323
                                                                                                                                                                                                          SHA-256:E6F74C212F2E8EB4163C2DDAE84F488B73DEF9CE886340F4A9AF6864978D859E
                                                                                                                                                                                                          SHA-512:799209ABEC146B52F3EB5C4D5AFC3DC6482A3B0CFB21C1F1F876BD87D1014E7079AE694C12A80D4660063D9C3D309E9028B4A90887572BCB848B5ABC21AB7317
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                                                          Entropy (8bit):4.898551846960824
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Flbeoedw/7JK7bABYlNpJy0WfWPxh8E9VF0Nyq4D:FAlw/7JK7b9jy0WePxWEU6
                                                                                                                                                                                                          MD5:B44F9C9DCB53514D6A496C3506F74DBB
                                                                                                                                                                                                          SHA1:1DC610693F782D08E3D6985351C298A61AE40614
                                                                                                                                                                                                          SHA-256:430FEF5E3BC821188BFC9A180334495B92CB0E8D8C7FA0CED774031D9A7FC8B6
                                                                                                                                                                                                          SHA-512:B7C9E4F838BFEF2B781D3871455D7B850135B8FF97FC1968E49BC2AC0B0B1F33DA759AD34F8E43D858A0971F8C2DDCA51925A5A65061E5B90DC4505405DC5748
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.652027629630858
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F546L/TKrQLtUv6oNpaAYjZZ/fbMgTRlRE/5nJy0W8g/Pxh8E9VF0NyNDA/XV5:FVw+f3TFAy0WH/PxWEXDiL
                                                                                                                                                                                                          MD5:8E1DC4C71BC03D10ED3BD2293B6C3A21
                                                                                                                                                                                                          SHA1:6649BCDF0D137AFFA4CA983135FE5EBE3336A495
                                                                                                                                                                                                          SHA-256:0C0B827C7ED352F5FC376B3F2F2064CA7A27828907BE77C66585CC457A769F16
                                                                                                                                                                                                          SHA-512:AB785D0FFA1F7FA7754254905752366B9BE7B592248DFCF036B087A2EAD07E112228B4D36B954DAEFF2ADB24A0566A9552168BC3FE7FCC5E4DF0E56A95B8042D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46056
                                                                                                                                                                                                          Entropy (8bit):4.64263735417891
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.660574455025035
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.699948735964885
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.66752824702996
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.646340111209961
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.668533720243672
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.876003031420293
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.69456859037089
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45544
                                                                                                                                                                                                          Entropy (8bit):4.657549160186828
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FuqToeST0shVyixlk5TpWBdf1i2IXouscM89Jy0WrTpKPxh8E9VF0Ny2WW:Fhv4lk5y1YZsAy0W0PxWEYP
                                                                                                                                                                                                          MD5:A7B4B48A39BFD0C344FE3D41545B76C9
                                                                                                                                                                                                          SHA1:B28B71015E1A3710F1C042291D398C6119FD48A7
                                                                                                                                                                                                          SHA-256:C828237E6C4C8623F1F2E9598A62936769355EE7BEA317460CE645CC7AF1D911
                                                                                                                                                                                                          SHA-512:1D15AA6913E32D7200055F8B29ADD8E5A2C4A9070B9CD906788E4DBCC5F5BD5FBC14E47805A051569AE51792C0065F8ED6F9414E968D466418B10056C0A541DD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.872942179610346
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FWPbqSW7ixHUjY13tGPJzJy0WEtqkPxh8E9VF0NyBF:FKqOUjudGHy0WwPxWEb
                                                                                                                                                                                                          MD5:799B04C0C9700BAED67AE3AF641B8946
                                                                                                                                                                                                          SHA1:25050A1D302F6F3BAB291FAF07C7AFB147BD6992
                                                                                                                                                                                                          SHA-256:A77EC067351FEEB80B8F8375C98F993360CB52B7C5F90DA90A8C9A08CD544E5F
                                                                                                                                                                                                          SHA-512:D3D15D4BB99EB167040A319BA56797F718DA3FAB1CDF131E290F5A9A03876C9F41705820EC52E55686DE7FD5B1969ED7896888A2358FD41DB3588EBB63ECD58D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.664578663662526
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F9a0GdxC7vc3ELOlJy0WcCDJjZ2Pxh8E9VF0NyP+/o:FRAxCDc3Eyy0WsPxWE9c
                                                                                                                                                                                                          MD5:CA50F99E4418798ADDA414C81118C2B5
                                                                                                                                                                                                          SHA1:2F24E7B5C81DF67236C1A692E3FF4091D10907F5
                                                                                                                                                                                                          SHA-256:C055262DE24BBC07462232258CB082C6E6D5FF1502CE2909B9CDA46CD27ABF75
                                                                                                                                                                                                          SHA-512:83C199505517CCA36FB86066C73DAF9C35611A5E58EEAD3F49AFF1631DEEB188CCBE7B671439CACC0904B3CDF9A7C8EAAE0CE371AFE14F4ADFD5D042D31D2C7A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                                                          Entropy (8bit):4.694492393037756
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FnHdpqgicgiY7upv4M5IOyAeJy0WXaQPxh8E9VF0Nyz1R2:F9QQ07Gv4M5My0WJPxWEh10
                                                                                                                                                                                                          MD5:1DC167C856FE15596A907B56A5451F38
                                                                                                                                                                                                          SHA1:6803F563B7F78C6D7133FC1D2C6126EEA1D9FEBF
                                                                                                                                                                                                          SHA-256:E31B4E78C820A17124669D3A2B56C2373FD2C21BC5F0E87565C0AE8B5307E236
                                                                                                                                                                                                          SHA-512:18FDE8537E95411C9814DB12E780CA7AD4E6756A97F2CE05CC30653E2C4F3735BD09AF6D2F9C23BC6ED5DB09231D8070E1025738B8C0B32214E217CBCD250A13
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):47080
                                                                                                                                                                                                          Entropy (8bit):4.948448659499415
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Fd08e0wcY51ZLm+4Lw3OTJJy0Wn+EsCLePxh8E9VF0NyK9Qm:FX5fY51ZLm+4Lw3wy0WXs+ePxWE8p
                                                                                                                                                                                                          MD5:F2827506727689200C75B134AF3A81B7
                                                                                                                                                                                                          SHA1:701B606A684B30BFA376F4F244582FF32BB9E6CF
                                                                                                                                                                                                          SHA-256:8831BDCD00FE1055E32CED62DBC3437612EE704FD331DF35D8ADF4450C95D3B6
                                                                                                                                                                                                          SHA-512:3069C2BFBE34E27A4309843B79585F89C44D0949F1EF51C3FBB79A91310CA8C8C9373E603E356AE1DA575A7D60A056FFAA2742AC356248A30C00BAB02B2AB680
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46568
                                                                                                                                                                                                          Entropy (8bit):4.900098776782017
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Fxfyhq1o45Z4aJALD61VJy0WVDPxh8E9VF0NyEc:FshGV5yaaLDiy0WFPxWEu
                                                                                                                                                                                                          MD5:C6A338676486B4405CBCFFD9E95B6DFA
                                                                                                                                                                                                          SHA1:6B7E2FE7EEDB08B289FC4DAB01BFB1EC648EC416
                                                                                                                                                                                                          SHA-256:EA52171A1BA9D431C9E4E99DB45EF64D5AAD5C224A80A731BBAC428D626360DC
                                                                                                                                                                                                          SHA-512:08C73FB7DAA69E6D7F5E3A23D1D5761EBE158A7863CC754F80EF7CEB57100E2337819F6733203121C85FB898002660298BD8B9221D96E5B1FA3D96CC22D05406
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44008
                                                                                                                                                                                                          Entropy (8bit):4.898585189301246
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FAcYp+lrGsMKNMAcetNebrJy0Ww+w8Pxh8E9VF0NyHS2t:FaglrGszNMJetNmy0WttPxWEdXt
                                                                                                                                                                                                          MD5:921A76FC57260B64D56F85651968A802
                                                                                                                                                                                                          SHA1:DE76CBF4AEECB954EB67937D57FEA4D053AAA89B
                                                                                                                                                                                                          SHA-256:CE33AD0DBA4BEC40377B9ABFED4EE3C03CF1F159DB500F95366C377F6FE49664
                                                                                                                                                                                                          SHA-512:62BC3D4395562561A52E0A387454C631ADDE175AFDDAA3DE6084E0B55D89538AC49D3A7AC04EDDDB1E4013862AF9C3706D40EAF249443598A16B5521852DE00C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.710217028647626
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:F0Jp9ABk6qXQEdmvgh57GE+G9Ahrx++BzQSXjy0WebPxWEC8:F0JZhdmva7GESxLQK7fbPxt
                                                                                                                                                                                                          MD5:5BA91381EEAE1785BA89FC890808C7A9
                                                                                                                                                                                                          SHA1:CE3CD4E4007837F3A8D1629AA9366A0FAF4B2792
                                                                                                                                                                                                          SHA-256:B6B7B4A056D3449349BD0981B48AD1DCBC32AA5B41C4FF9B680F994D540744EF
                                                                                                                                                                                                          SHA-512:E8325BD2E545D322AD9627F6B631402A3868612B407C4F84CAD0B3C834EA0EA5D4ADF5DD88B7D539BC231B4651A5F2C0BFF1FC1D843005B1C96A56BB249D2DF0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.886468370762969
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FNUVbL1KgHWyC2EeEWNXE/GfuyziJy0WlUPxh8E9VF0NyJTgk:Fy31luhy0W+PxWEH8k
                                                                                                                                                                                                          MD5:65C37B9914F7786AC7E3C3584C8F7A62
                                                                                                                                                                                                          SHA1:3B2D785698F96CC92A6AF481283406657FFF65E0
                                                                                                                                                                                                          SHA-256:9945A40CD5E0075A55A6691717D8A59C98BD85AE84E938041DD6EF5427A88B0A
                                                                                                                                                                                                          SHA-512:5005A480EA3243F8232B44BA091A66227AC10CA51219B9915923B7C394538BD498B33062C1E88316BBD84CEBBCDEF80B901014A8A595DED29BDDDF2F85904308
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):45032
                                                                                                                                                                                                          Entropy (8bit):4.8564330106913625
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FmQE7wL2A+OmAcoWu9OeeZyYGdJAAJy0W5ySxPxh8E9VF0NyVQcVfC:FkE2A+OmAcoWAOeesYRQy0Wg+PxWEXV
                                                                                                                                                                                                          MD5:CBAFB9B9B8760B0C3DBC3F0216C7513A
                                                                                                                                                                                                          SHA1:0A28C2BC915B06C549DDADD8A31FE0A912090155
                                                                                                                                                                                                          SHA-256:5E7C4916662FED930983ED046FF7DEF877F10D5375C510653C37A985BC547531
                                                                                                                                                                                                          SHA-512:5FE40E9A820C46055B0E9934C5A8BC2E43BE90396436CD076752696C8576E2212D0A5D15F4C149866FC68500410727C1D30A6F1EF55ABDC0CF96DEA2F2BB3AC8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):44520
                                                                                                                                                                                                          Entropy (8bit):4.771867334398084
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F+SM5fQghFjncDyv4Jy0WAWBQHPxh8E9VF0NyDff1R:FzYfDhVc5y0W3OPxWEh1
                                                                                                                                                                                                          MD5:C34505DD2FAE316B795AE2D1E934AFB0
                                                                                                                                                                                                          SHA1:864A67B9017573DD438AE321210ED720C454184C
                                                                                                                                                                                                          SHA-256:0AF644546C66B952795B0A7D05AFCCFE87E9D572073C99F8CDCF146EE5705857
                                                                                                                                                                                                          SHA-512:00B2FDCFE24CD17C7418E471BEC762F235669E0DB35D05D2023E155D0B543F65BA1115450D01FC5D02177AAA2CDAF10CC640506E6CEAB716F0C4F2ED44D7767E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):38816
                                                                                                                                                                                                          Entropy (8bit):4.841517965818435
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F5xjPSJshAFBMHwzJy0WKGPxh8E9VF0Ny/NU:FrpAFBTy0WvPxWEJa
                                                                                                                                                                                                          MD5:2BE99DBDE29BAB1363E5848B84362E23
                                                                                                                                                                                                          SHA1:3149C9598CE3CB29EA0E756C9E12DCECB8628283
                                                                                                                                                                                                          SHA-256:B5927FB9699C79D77B1D49F322BACE29801776CCEE4F91EECAE00F04F6431396
                                                                                                                                                                                                          SHA-512:44E66C99747F6857883585653894F333B638A4A19AEBD1C9CEF6D264064EFAFD7A77FDED06F5F5C14F0E489E2555D17576EE3152E347CC74B8BC7E5741F3A5A8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):38816
                                                                                                                                                                                                          Entropy (8bit):4.854603942594096
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:F++/JutGmmBdcJy0WsinPxh8E9VF0NygBjY:FNATy0WjnPxWEKK
                                                                                                                                                                                                          MD5:2667B44345F8C493F41C9C65B2B40B70
                                                                                                                                                                                                          SHA1:0969DC5411520E3FDC242D6D1F5289DC69218526
                                                                                                                                                                                                          SHA-256:3BEE374E97F8C0A2EDA5A6509CBFE21B4DC3BB9E0CAC62CA908F8EB049A3EFEC
                                                                                                                                                                                                          SHA-512:8D746F5AA6A21EC1FBB05E35554396BCD0E017CED7D65409D721B75CC4DB04FE7FA944F4122C1BE1E6AEF47E1DEADDF444A943BF9D5632E906BE123013B85ECA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):519152
                                                                                                                                                                                                          Entropy (8bit):6.796206581178465
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:bcP2nPG96akIIm7D0W1IK+K2XaTPwKwJIC:AP2n+96WD0vWoaTYKwJ
                                                                                                                                                                                                          MD5:6B3F50DD9E9D077CD50902BF1B79427C
                                                                                                                                                                                                          SHA1:32B57A6452CABF75DC4162EE026D396A13933955
                                                                                                                                                                                                          SHA-256:9CC9D08D8E71D15E15D32B2A5DE58766A7DBFFEA37F476A739A42231C26A2777
                                                                                                                                                                                                          SHA-512:5856C0B791F93E4DB5C0950568C45BCC3D132466661B7A9C1B85C21ADBEA91EB5C9744E67F5CF2877F934DA3C278550D7FDE294A6CAEAFC634CBCE71DBA40EC4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):396216
                                                                                                                                                                                                          Entropy (8bit):6.6364472604888975
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:n4bSrQpVFWtouGV7AstKS4rHICzoHz25HxPqJKCJAOFbr0uY6ckgOdi:qSUpVF64XsS4rHIC7qVJz0eHLi
                                                                                                                                                                                                          MD5:8648A09E9EB09453D7153101E25F8FCE
                                                                                                                                                                                                          SHA1:B55B5E28317A5F1452BCBAC2704747B3DC4483D3
                                                                                                                                                                                                          SHA-256:BE8DB74FBEF1CD2EEE7C2A8957B33634913EEA9CBD20B1E875B95878BBFBC42A
                                                                                                                                                                                                          SHA-512:57BFF27A142062691507B1D99AB8086FACEFC3A211484B97281964F615F2C5259760622FA83155F4198BB48E3D2B54795B4E316D9156C293939D318ED959CDC4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):521784
                                                                                                                                                                                                          Entropy (8bit):6.353157166068969
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:lcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0ToohzmVj50ZfxA6ckV:bnSgciKFK/IMakZvvClDE0TooU10xH
                                                                                                                                                                                                          MD5:29991826BE3385C3A92B49F672F92026
                                                                                                                                                                                                          SHA1:9F16C72BA044E378167F631C41CE1B3D818E0806
                                                                                                                                                                                                          SHA-256:7FCEBD4FF83566305500F9BFDD342EB57C502B427A12EF281092FAB94E142827
                                                                                                                                                                                                          SHA-512:F525CDF3EA0B77CCA0475433E6DF3A577F76479C0B6BECCC0B41A147D9372A4BA8586D84FB0ADC5660A4BC28359DACCBE76691C604748AC56991210E344D748F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):396216
                                                                                                                                                                                                          Entropy (8bit):6.636012823818412
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:S4bSrQpVFWtouGV7AstyS4rHICzoHz25HxPqJK7JAOY1r0Oc6cOgOdi:dSUpVF64XMS4rHIC7qIJW0ypLi
                                                                                                                                                                                                          MD5:737520D5A13D92E1210CBFFFC64C109D
                                                                                                                                                                                                          SHA1:F6677A3AA960225DBE682678289FBFFE4AF3C9CC
                                                                                                                                                                                                          SHA-256:6A59B47E916C73C046D604956A050CC5AF9A0C96D1DAE51CD8ABDEE17F273085
                                                                                                                                                                                                          SHA-512:89BD770D565553ADA2123CAFDBCB3443E5B304BF0D0EE901CE2DE0E7C6245B08162F2FE39C7FCFC1A7908105A3A00DF3BD8DD3EA0CE13F96C91DAF21EAE2155B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):521784
                                                                                                                                                                                                          Entropy (8bit):6.352828173572569
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:ZcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0Tooh/RYD50Zfx86cSAj:HnSgciKFK/IMakZvvClDE0TookV0xr
                                                                                                                                                                                                          MD5:4FBD1394EEAA4D5F7BD66AFDC6FA088C
                                                                                                                                                                                                          SHA1:8D09DC6A9C06A8B549273BF121E7D3D41E8929CC
                                                                                                                                                                                                          SHA-256:7A9F75B840515009ABDA7BCA9372C97C5514E32D0324A2D01A7FE377A3889762
                                                                                                                                                                                                          SHA-512:089160F6D4AEE7A1C6C550F256BF52573A71E8CDCBFF19AA829618DC1D29B772288CA76A270001DA09B19BFA175DC20829607F9C3035C672D2289550927371F7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):440608
                                                                                                                                                                                                          Entropy (8bit):4.477495049012643
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:TjbidjsOQe3H/lqa8ggDemWSzuwJWwqjPpiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBv:ytqa8VxJMReTixcvcF4fZNVw
                                                                                                                                                                                                          MD5:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                          SHA1:B267CCB3BBE06A0143C1162F462839645780D22E
                                                                                                                                                                                                          SHA-256:66E75EA8A3641E419D5226E062F8F17624AFBEE3D7EFD1D6517890511E7111D9
                                                                                                                                                                                                          SHA-512:512F2C2BE5EE5F61F31719344CD20DD731898C5B63F6E1ABDBFC81821533D93AE06C96F256AC1196E9F457A927C4AA61C35D00B45181793547FF3B6670866CCA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):33688
                                                                                                                                                                                                          Entropy (8bit):7.20956664617613
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:zVYdpNkp9TvDXy2XmVEV3GPkjVvDXy2ulqwVEV3GPkjL:zVY1+nCDOEECDbOEw
                                                                                                                                                                                                          MD5:4ACE42D6530AF699FEB2372F805A6A40
                                                                                                                                                                                                          SHA1:FB8C7352808F104E851468F25D0DD14A25B8CFCA
                                                                                                                                                                                                          SHA-256:13DCE393B59B9EF4A5D4FCDC27267D018B350BDC44A62AACC5DBC7F1DF7F7A1C
                                                                                                                                                                                                          SHA-512:8BB770F304CD8BA23FB2A64370D74AC3FDC134235FF39802983B9BABDE12AB00E49A746F3C2113520F0E135CDFD1473C0B4B64272279D13E576912126AA556D2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):399264
                                                                                                                                                                                                          Entropy (8bit):6.025523802176381
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:G0N02KsbnIU70vYrRHAjC0Y0glwgugEnoSE5jq:U2tIUYArRv0Y0glwgugEnoSE5jq
                                                                                                                                                                                                          MD5:F921416197C2AE407D53BA5712C3930A
                                                                                                                                                                                                          SHA1:6A7DAA7372E93C48758B9752C8A5A673B525632B
                                                                                                                                                                                                          SHA-256:E31B233DDF070798CC0381CC6285F6F79EA0C17B99737F7547618DCFD36CDC0E
                                                                                                                                                                                                          SHA-512:0139EFB76C2107D0497BE9910836D7C19329E4399AA8D46BBE17AE63D56AB73004C51B650CE38D79681C22C2D1B77078A7D7185431882BAF3E7BEF473AC95DCE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:MS Windows HtmlHelp Data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):306758
                                                                                                                                                                                                          Entropy (8bit):7.936079952495831
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:/UuFqUYSsTDiKebI7F03RPf2rB84daXcXrcURJo8tGgqQdB5+cbsQe/zQXE9LA2:tFhYSsnl0I7FG8S4daC/RGg1bnerQILf
                                                                                                                                                                                                          MD5:BB80FEC3B6E843B61859914480706CD9
                                                                                                                                                                                                          SHA1:0CED874BEE5BDA6059B5195911AA117693D9D2DE
                                                                                                                                                                                                          SHA-256:2D52F9D59211F8906ACE16525721B1400343BDF720F062CF111D84089F129009
                                                                                                                                                                                                          SHA-512:78D8A024DABD111B59BEEA4DC21150C7FBB3A6924201D2F3FF9E720E4BBC967BBFF285BA2064BC35C260FFDE433C639FDC0252C47AE29B43398117EDA21CF648
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):183200
                                                                                                                                                                                                          Entropy (8bit):6.842191242335636
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:KAm/u5ImKJacvUOQC2mCDiGuTEG2BiERGNcCYOqtwyROYeoHVP0bkHnP0z:Niu5MJa9hZun2BiERaEwyOM2Qsz
                                                                                                                                                                                                          MD5:F1C9C9A8B035DA9385D88CA34CD49305
                                                                                                                                                                                                          SHA1:77E48F73C224949EC8BD8A32087609B7BF217E94
                                                                                                                                                                                                          SHA-256:4168D6408994A297665AEEA68ABB6C062D58EA00851751959557E7F8A8BAC17D
                                                                                                                                                                                                          SHA-512:D7BD2FC8592E18CA46CDF1DC74496CF3CB5EF991F4BD9E141DEEABA0F665E731A5953CAAF1CD39859817EB6D0C1B77700FE08EEED15320757B3FA36D798C4C7B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):210336
                                                                                                                                                                                                          Entropy (8bit):6.575377720318411
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:vWMJUr2f2Im9kj/FqgmHpJ1/YCVuIB9Vxv7bn1UC9gfkCeEWHFP0jHzP0Q:vWc02f2R6FqgoJ1boIPRUsfGjQQ
                                                                                                                                                                                                          MD5:A2C0B5D0D9E5C2A2C774E8B587850447
                                                                                                                                                                                                          SHA1:C8AA4CB01676D57B34AAB22C7FD018B63DFF6892
                                                                                                                                                                                                          SHA-256:F0F3D0FAD632D9DDAC8FF0B4EAEC20094FA0F9ABDDF784954DFBB0723A997F21
                                                                                                                                                                                                          SHA-512:85F4AEB562424ABF0E2BC5EDE0CDF0052FBB15E7DF70F691C11B06171A8A45A6672C2C688CD5B6FFEBEE16C36FDAC7978E39CA04F8C29F75D588D2ACA3599395
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):242616
                                                                                                                                                                                                          Entropy (8bit):6.432754517349666
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:Bj9mOBuELLZXBJPCR6ygny56rs+iO2AwCNCtALb44TPk3Ap1rleY/DptNH/P0uHV:fn7LhBJ9W56A+iOlfN/LbZnbptN0uZH
                                                                                                                                                                                                          MD5:9AF96706762298CF72DF2A74213494C9
                                                                                                                                                                                                          SHA1:4B5FD2F168380919524ECCE77AA1BE330FDEF57A
                                                                                                                                                                                                          SHA-256:65FA2CCB3AC5400DD92DDA5F640445A6E195DA7C827107260F67624D3EB95E7D
                                                                                                                                                                                                          SHA-512:29A0619093C4C0ECF602C861EC819EF16550C0607DF93067EAEF4259A84FD7D40EB88CD5548C0B3B265F3CE5237B585F508FDD543FA281737BE17C0551163BD4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1112834
                                                                                                                                                                                                          Entropy (8bit):7.995534990823338
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:24576:H1XCCswrgMlbH4v3Cj6N3yHORtmV7VJPX/uPQDNDcpLwBlxaZm5g5Gvh6at0:ACRlbHhj6N3vR4Vt/uSN2L6LaZAgcvHC
                                                                                                                                                                                                          MD5:38B22DEDFBCAFE1376ACEB7A0722FB8F
                                                                                                                                                                                                          SHA1:6C96AA4E7C71C82A82951443BA6DAE9019601E55
                                                                                                                                                                                                          SHA-256:F092D81531B8603A52F70245D041E2C43B020280BD9F358172330FF405E451CD
                                                                                                                                                                                                          SHA-512:135EF19161572A57AE1BC618C6CC7FDE889BD1A5C88E6125080C3712E7F0AE96F2A9B7728765C1B115F91CE48200CA47CA0C43E31625CBD11DFFA181610F03CA
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3403192
                                                                                                                                                                                                          Entropy (8bit):6.035185815441339
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:ar2V9BrWblVbqS1+Cxz0MB95D//ocnaMo6WuDgRPZO/Y12y6Pu:aqV9BqzbqSR009StqG
                                                                                                                                                                                                          MD5:1C1630B241D5A6BE07BFBA2B3EA97A25
                                                                                                                                                                                                          SHA1:7203255D1A6021874D41A48FCD5719FD7034F34C
                                                                                                                                                                                                          SHA-256:526CDDD0D843F5984AC6CB98D28F22B090682C3A8704122B644EC8AE2C9A10E5
                                                                                                                                                                                                          SHA-512:BDDEDB575FEBF8C8103CFBB1981FD1D5F20D2E0F1D6F4252A98930D587420A69750DDC1BE46932CDF979B8633054321F462557D88349459E111BE43139BEFF4A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):336600
                                                                                                                                                                                                          Entropy (8bit):6.344264969706984
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:6LYEDJlXw5pAnHp2ukwTX6N8B4A84zMtEl1knxgaPZ3nbanlYZn2l1S2CAYOpIOs:6LYEDJAAnHp2uk2KNO0tEQV+b3n6
                                                                                                                                                                                                          MD5:19D52868C3E0B609DBEB68EF81F381A9
                                                                                                                                                                                                          SHA1:CE365BD4CF627A3849D7277BAFBF2F5F56F496DC
                                                                                                                                                                                                          SHA-256:B96469B310BA59D1DB320A337B3A8104DB232A4344A47A8E5AE72F16CC7B1FF4
                                                                                                                                                                                                          SHA-512:5FBD53D761695DE1DD6F0AFD0964B33863764C89692345CAB013C0B1B6332C24DCF766028F305CC87D864D17229D7A52BF19A299CA136A799053C368F21C8926
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):479536
                                                                                                                                                                                                          Entropy (8bit):5.994666279988566
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:Tch6UtcJYg8yRAkB+vsoqOvfkv+y3ilZkaCeMG:e6Utc6gdcfkv+KIR
                                                                                                                                                                                                          MD5:DAA81711AD1F1B1F8D96DC926D502484
                                                                                                                                                                                                          SHA1:7130B241E23BEDE2B1F812D95FDB4ED5EECADBFD
                                                                                                                                                                                                          SHA-256:8422BE70E0EC59C962B35ACF8AD80671BCC8330C9256E6E1EC5C07691388CD66
                                                                                                                                                                                                          SHA-512:9EAA8E04AD7359A30D5E2F9256F94C1643D4C3F3C0DFF24D6CD9E31A6F88CB3B470DD98F01F8B0F57BB947ADC3D45C35749ED4877C7CBBBCC181145F0C361065
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8088
                                                                                                                                                                                                          Entropy (8bit):5.172167677485522
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:zuiTTPEYya1gq5jfFEYQhRIA03xB97cq1fvhEN:ztTzyapKRiG
                                                                                                                                                                                                          MD5:B5AE011C70C1D26CC31A5D818D60E53C
                                                                                                                                                                                                          SHA1:7BE6AD86FCC9208D6F21B9F1D464B6334E64922B
                                                                                                                                                                                                          SHA-256:31ED4209776DBFAD74EC811326439D26C02B6AB653056D5E171D952C12D3F25B
                                                                                                                                                                                                          SHA-512:440B1AFC72D671D8AA663B6672371AC365029525EE055CF380A9C9C84625FD5FA2B328110633A183F87CECF8D1D2CACB62E49A7EB382B30AAA75DA5B3D2F3054
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--[[..You have a d:\bla.dll with namespace ClassLibraryX, with a class named "MyClass"..That class contains a function defined as:..public static int MyInitFunctionName(string parameters)....then you do: injectDotNetDLL('d:\\bla.dll','ClassLibraryX.MyClass','MyInitFunctionName','Something')....--]]....local DotNetCoreInjectScript=[[..[enable]..alloc(injectdotnetdll, 2048)..alloc(IID_ICLRRuntimeHost4,16)..alloc(RuntimeHost,8)....alloc(paramstr,256)..alloc(methodname,256)..alloc(classname,256)..alloc(dllpath,512)....alloc(returnvalue,4)..alloc(errorvalue,4)..label(error)....dllpath:..dw '%s',0....classname:..dw '%s',0....methodname:..dw '%s',0....paramstr:..dw '%s',0......IID_ICLRRuntimeHost4:..db 66 d3 f6 64 c2 d7 1f 4f b4 b2 e8 16 0c ac 43 af....injectdotnetdll:..[64-bit]..sub rsp,6*8+8..mov rcx,IID_ICLRRuntimeHost4..mov rdx,RuntimeHost..[/64-bit]....[32-bit]..push RuntimeHost..push IID_ICLRRuntimeHost4..[/32-bit]....call GetCLRRuntimeHost..cmp eax,0..jne error....[64-bit]..mov rcx,[Ru
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20837
                                                                                                                                                                                                          Entropy (8bit):4.996731854830045
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:Rmi4uQRgQgAgm2+CXgSKgKghmg60gGg4tgKplg/Dhrf+1e5l7jTRgzKgIgmoJMQZ:y3KQBHvSo9a452TZ0YgkP
                                                                                                                                                                                                          MD5:04CDE30D6AA9999A846B5FC3CFC1F56C
                                                                                                                                                                                                          SHA1:2187AB73161EE8A516D25F8295BB4C7E3DA2F7E3
                                                                                                                                                                                                          SHA-256:EAE2A91808BB58B386F3BDDE75176C7208C22BF5515C5D6E467C583DF2E72E15
                                                                                                                                                                                                          SHA-512:FB2F27F3981E587DDD379D54999067092DC2FBE2F243E4A49B2F9D4DA172907D169BC708AA0840631C951FB01CCB9E69A403EB2E19A5F1AFF1BE3FF0EEC27C62
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview: ..--same as monodatacollector but for .net and .netcore..--can theoretically be used on mono as well....if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'dotnetforceddatacollector.po')..end......local pathsep..local libfolder....if getOperatingSystem()==0 then.. pathsep=[[\]].. libfolder='dlls'..else.. pathsep='/'.. libfolder='dylibs'..end....dotnet_timeout=3000....DOTNETCMD_TEST=0..DOTNETCMD_INITMODULELIST=1..DOTNETCMD_GETMETHODENTRYPOINT=2..DOTNETCMD_GETFIELDTYPENAME=3..DOTNETCMD_GETFIELDVALUE=4..DOTNETCMD_SETFIELDVALUE=5..DOTNETCMD_LOADMODULE=6..DOTNETCMD_GETMETHODPARAMETERS=7..DOTNETCMD_WRAPOBJECT=8..DOTNETCMD_UNWRAPOBJECT=9..DOTNETCMD_INVOKEMETHOD=10....DOTNETCMD_FIND_MODULEID_WITH_CLASSLIST=11......DOTNETCMD_EXIT=255......dotnetmodulelist={}....function dotnet_findDotNetMethodAddress(namespace, classname, methodname, modulename).. --print(string.format("dotnet_findDotNetMethodAddress('%s','%s','%s','%s')",namespace,classname, methodname, modulenam
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2018
                                                                                                                                                                                                          Entropy (8bit):4.845505891620365
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:8LRZCSs+dJPHoSLI0zAXFqfzhPR3sAuH7vMTCRTnoH7ADR09ZWgsAU1HTfHU1EP:IRZ7umKgl5s2+cZPs81u
                                                                                                                                                                                                          MD5:3E20F1013FB48A67FE59BEDE7B8E341B
                                                                                                                                                                                                          SHA1:8C8A4CB49C3B29DB2C47F84AAFD0416101722BFE
                                                                                                                                                                                                          SHA-256:96E4429192F9AB26F8BF9F9429F36B388AA69C3624781C61EA6DF7E1BCA9B49B
                                                                                                                                                                                                          SHA-512:99CF3F88C8B06DA0DBE8085DEE796BEC7A9533990A55FBCE7524A4F941B5ECF0E8EC975A4B032EB2AAABD116C0804995A75036C98A5E4058F25D78D08A11F3F2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:local pm=AddressList.PopupMenu..local pmAddToNewGroup=createMenuItem(pm)..pmAddToNewGroup.Caption=translate('Add to new group')..pmAddToNewGroup.ImageIndex=MainForm.CreateGroup.ImageIndex..pm.Items.insert(MainForm.CreateGroup.MenuIndex, pmAddToNewGroup)....local oldOnPopup=AddressList.PopupMenu.OnPopup..AddressList.PopupMenu.OnPopup=function(s).. if oldOnPopup then.. oldOnPopup(s).. end.. pmAddToNewGroup.Visible=AddressList.SelCount>=1..end....pmAddToNewGroup.OnClick=function(s).. local i.. local count=0.. local selcount=0.. local withAddress=false.. local hasAddressSupport=false.... if AddressList.SelCount==0 then.. messageDialog('Please select at least one entry first', mtError, mbOK).. return.. end.... hasAddressSupport=AddressList[0].IsAddressGroupHeader~=nil.... for i=0,AddressList.Count-1 do.. if AddressList[i].IsGroupHeader then.. count=count+1.. end.. end...... local groupname=translate(string.format('Group %d',count+1)).. if (isKeyPressed(VK_
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7632
                                                                                                                                                                                                          Entropy (8bit):4.883983761190223
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:peDFQNTce2Qt5q/sn2Wdk7RlxJKTiZjYsfUv:p3ue2F7RlxJfYP
                                                                                                                                                                                                          MD5:459B793E0DC43A993F03D8B612F67CEC
                                                                                                                                                                                                          SHA1:F14AE9AFBE97AF534A11BF98AC1CC096269F1474
                                                                                                                                                                                                          SHA-256:E2CBB4C2F46305BB07D84222231012FD4C800FE8E1B43E0AA1AF9B6C5D111F7F
                                                                                                                                                                                                          SHA-512:1740068E3419D153ECBD9D1A6AADA20AABE71915E7422DCE1A83E616E8D2A1084922A81741591A682531E1F8146E437D8688521C7707A4909E5721768A3F956E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--Copyright Cheat Engine......local function getOriginalCodeAndFiller(address).. local original,filler.... if type(address)~='number' then.. address=getAddressSafe(address).. end.... if address==nil then.. return nil, 'invalid address'.. end.... local sl=createStringList().. local d=createDisassembler().. local size=0.. while size<5 do.. d.disassemble(address).. local ldd=d.LastDisassembleData.. local inst=ldd.opcode..' '..ldd.parameters.. sl.add(inst).. size=size+#ldd.bytes.. address=address+#ldd.bytes.. end.... original=sl.Text.. if size-5>0 then.. filler=string.format("nop %x", size-5).. else.. filler=''.. end.... sl.destroy().. d.destroy().. return original,filler..end......local function hookSpeedFunctions().. if speedhack and speedhack.processid==getOpenedProcessID() then .. return true.. end.... local result, data=autoAssemble([[.. alloc(speedhack_wantedspeed,4).. registersymbol(speedhack_wantedspeed).. speedhack_w
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9243
                                                                                                                                                                                                          Entropy (8bit):4.766574177681985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:C64/8dXYKgLNhpwHmFUazyI+Q4Om1q/Qt:t4nHUKUa0Out
                                                                                                                                                                                                          MD5:40D6BFE593194CF938E19622A3C13A5E
                                                                                                                                                                                                          SHA1:761257E8EF492431CF0E04DBCA396FABB25FE1AE
                                                                                                                                                                                                          SHA-256:C4CEF60489B067C8E7ABCDD5594643A27D0720B21523753DD462D53024287116
                                                                                                                                                                                                          SHA-512:1D1AAA9DE74B0BB08CC4CECED5DBFA4C589347EAC098D7AE013D5A1BEAAE0EEACA4D314E2591560C6DF14A93DD4E9316CA317D21EFADCCA57D11EEE72F4C6E16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'autosave.po')..end....require("lfs")....autosave={} --todo make local....local AutoSaveSettings=getSettings('Auto Save')..local AutoSaveVersion=1....autosave.getPath=function().. local path=AutoSaveSettings['SavePath'].. if (path==nil) or (path=='') then.. .. path=os.getenv("LOCALAPPDATA").. if (path==nil) or (path=='') then.. path=getCheatEngineDir() --last attempt .. end.. end.. .. if string.sub(path,#path)~='\\' then.. path=path..'\\'.. end.. .. return path..end....function autosave.saveState().... .. local pid=AutoSaveSettings['ProcessID'].. if pid and pid~='' then.. pid=tonumber(pid).. if pid~=getCheatEngineProcessID() then.. --another CE has done an autosave.. if getProcessList()[pid]==nil then.. --it doesn't exist anymore... messageDialog(translate('Another instance of Cheat Engine has crashed and it created an autosave. Autosave disabled until y
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7917
                                                                                                                                                                                                          Entropy (8bit):5.014591940837417
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:sQJpltyKlR4ZtoOQ9pttWKlR4vtGTQPpMlyFuVCQc6c0RhBmg:stKY59KYQ5JhUg
                                                                                                                                                                                                          MD5:E76FCD2ECD5B956D4579A676AA3EEA01
                                                                                                                                                                                                          SHA1:49ECBA5CCC531A40AD7805A126D38B44B4A36576
                                                                                                                                                                                                          SHA-256:0339BA0043AF5C058CF3A19DE9F90312D18F6BB2728F454EF403B531BD57AE42
                                                                                                                                                                                                          SHA-512:8443C213D4A626A358631F76A0CC4C106543CE58C94D34A96B88574B3E32AE742F28878B259A17823CA07EC521B06E32E572E7BC77E10951BC0984B07C0571C6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:local scripts={}....local function registerBigEndianInt16()..scripts['2 Byte Big Endian'].type=registerCustomTypeAutoAssembler([[..alloc(TypeName,256)..alloc(ByteSize,4)..alloc(ConvertRoutine,1024)..alloc(ConvertBackRoutine,1024)....TypeName:..db '2 Byte Big Endian',0....ByteSize:..dd 2....//The convert routine should hold a routine that converts the data to an integer (in eax)..//function declared as: stdcall int ConvertRoutine(unsigned char *input);..//Note: Keep in mind that this routine can be called by multiple threads at the same time...ConvertRoutine:..//jmp dllname.functionname..[64-bit]..//or manual:..//parameters: (64-bit)..//rcx=address of input..xor eax,eax..mov ax,[rcx] //eax now contains the bytes 'input' pointed to..xchg ah,al //convert to big endian....ret..[/64-bit]....[32-bit]..//jmp dllname.functionname..//or manual:..//parameters: (32-bit)..push ebp..mov ebp,esp..//[ebp+8]=input..//example:..mov eax,[ebp+8] //place the address that contains the bytes into eax..mov a
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14247
                                                                                                                                                                                                          Entropy (8bit):4.757455540825877
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:p1mEfPL5ThWRM8vLdyWR1hHS+6stplX7ZbaFYBY6tnGb:VfPjylLNkKW6tE
                                                                                                                                                                                                          MD5:26C0E56ABEBFB550A9D208D6191816E0
                                                                                                                                                                                                          SHA1:8F2392846633AC48A0168AFE9F20AFC124699F4C
                                                                                                                                                                                                          SHA-256:A825F660DF2E6C13DBECE0A0F8DC306129BD784F8DC4EFC37E67E9CDD00CE65F
                                                                                                                                                                                                          SHA-512:4FC8A18E2F24374953694CB9230D9DDBA7A1B69B3BA5574AE143CB79B8D0F7CD94E9DD7337EC58EA40769A4B552A583C466781AC7EFF50C9199EAB39AD2076A9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'CeShare.po')..end....ceshare={}....function ceshare.getInternet().. if ceshare.internet==nil then.. ceshare.internet=getInternet('ceshare').. end.. return ceshare.internet..end....local pathsep..if getOperatingSystem()==0 then.. pathsep=[[\]]..else.. pathsep=[[/]]..end....ceshare.version=-1..ceshare.path=getAutoRunPath()..'ceshare'..pathsep..ceshare.formpath=ceshare.path..pathsep..'forms'..pathsep..ceshare.imagepath=ceshare.path..pathsep..'images'..pathsep....if package.loaded.xmlSimple==nil then.. package.path=package.path..';'..getAutoRunPath()..'xml'..pathsep..'?.lua'..else.. package.loaded.xmlSimple=nil..end..ceshare.xmlParser = require("xmlSimple").newParser()......package.path=package.path..';'..ceshare.path..[[?.lua]]....function loadCEShare().. ceshare.settings=getSettings('ceshare').. ceshare.secondaryIdentifierCode=getSettings('ceshare\\secondaryIdentifierCode').... require("ceshare_account
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6583
                                                                                                                                                                                                          Entropy (8bit):4.856845566130843
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:2m3dOvyXANbHC7jmHmQr2LHymHG21h5rSTW/S4XHhOLOxInDLnrTH2n8ruHqhV4Z:2m3UvyW9mL/N5XYFCoKmo
                                                                                                                                                                                                          MD5:0B5180BD64689788EBEAA8E705A264AC
                                                                                                                                                                                                          SHA1:43A5CC401EE6C4FF4A94697112B1BC1D4345FC19
                                                                                                                                                                                                          SHA-256:8FD38A5E6C0408CA77E0E7A0EE179B4391758EC6DA94EA289E3A2CBC1AB1EC59
                                                                                                                                                                                                          SHA-512:CC26E2E36B93BF89AA16C744B2DB60D855DE616DB7A67F4FB24135545104459338C3EDEAB42BB316B1ECB0DB9E31970B1415A1BF638EA3E53AE31471330AEADB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:..function ceshare.login(username,password).. local i=ceshare.getInternet().. local parameters='';.. if username then.. parameters=parameters..'username='..ceshare.url_encode(username).. end .. .. if password then.. parameters=parameters..'&password='..ceshare.url_encode(password).. end.. .. local r=i.postURL(ceshare.base..'login.php',parameters).. if r then.. if (r:sub(1,2)=='<?') then.. local s=ceshare.xmlParser:ParseXmlText(r).. if s then.. if s.Valid then.. ceshare.LoggedIn=true.. return true .. else.. if s.error then.. ceshare.showError(s.error:value()).. end.. end.. else.. ceshare.showError(r).. end.. else.. ceshare.showError(r);.. end.. else.. ceshare.showError('Login system failure').. end..end....function ceshare.logout().. local i=ceshare.getInternet().. local parameters='';.. i.postURL(ceshare.base..'logout.php',parameters).. ceshare.Lo
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4018
                                                                                                                                                                                                          Entropy (8bit):4.735117902416751
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:5ASgbBrZUxqShyY92Tm1E+J7YYI0+9+DKeRA453wxQRBhqvr5OOeCYBhSj:5ARB2hhPE+WY9+AzE5XsBhSj
                                                                                                                                                                                                          MD5:0D4D1B597712015EF1B0EC8ADC26495F
                                                                                                                                                                                                          SHA1:3584779C06619F545B47A27703AA2F47455D50DE
                                                                                                                                                                                                          SHA-256:89C8FCCC16D2AA0A3004DC1B477A5C1DCBBA539769B2A4558F7C7D9B9809B133
                                                                                                                                                                                                          SHA-512:AE26BBB2C3F74C143A01EC3B296A26699C679D51BC68C8C7B8C460616D1A0AA065500EBCA83E972A720BD7A3C5A7B63A673EAECEF1391A2E717208EF8DA0796F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:function ceshare.QueryTableComments(entry, startindex).. local result=nil.. local parameters='id='..entry.ID.. if startindex then.. parameters=parameters..'startindex='..startindex.. end.. local s=ceshare.QueryXURL('QueryTableComments.php', parameters).. if s then.. if s.Comments then.. result={}.. .. for i=1, s.Comments:numChildren() do.. local comment=s.Comments:children()[i].. local entry={}.. entry.ID=tonumber(comment["@ID"]).. entry.Username=comment["@username"].. entry.Message=comment["@message"].. entry.Time=comment["@time"].. table.insert(result, entry).. end .. end.. end .. return result..end......function ceshare.createCommentPanel(comment).. local panel=createPanel(ceshare.CommentsFrm.MessageBox).. panel.Align='alTop' .. panel.Tag=comment.ID .. .. local pnlMessage=createPanel(panel).. pnlMessage.align='alClient'.. .. local lblUsername=createLabel(pnlMessage).. lblUsername.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12865
                                                                                                                                                                                                          Entropy (8bit):4.882563186282491
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:08NVYz/SCrsKrYrygrL5UHsCYBv2S5OVhxPSidLhHYWZHHYzHuxN5FoXQuHNVcbU:Xod1grbuz9hHYWJaQCHqC
                                                                                                                                                                                                          MD5:665BB2E55E2A13157D1DBFEF05D1B905
                                                                                                                                                                                                          SHA1:408FEA33F574BD0FA9E4CB71958363398E0699BC
                                                                                                                                                                                                          SHA-256:DA6ECCE3DB7D305813FFE80CA994663D43F1068F0FB67399A4C66D1F28684BFA
                                                                                                                                                                                                          SHA-512:8FE95E22680E1E802D0CEEECBBD6B098526468B8CF4D838301D2833247D94E4F3B3A4B76A68F9FAAA2177B42FF2FFEA2DF46EF56A4A0CE501D126135CE8EE985
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:local DPIMultiplier=(getScreenDPI()/96)..local ThumbnailWidth=240*DPIMultiplier..local ThumbnailHeight=80*DPIMultiplier....local DummyBitmap=createBitmap()..DummyBitmap.Canvas.Font.Size=12....local getListItemData,getThumbnail,generateListItemBitmap,getListItemBitmap..local cleanPage, setPage,getFullProcessList,filterList....--[[..ceshare.FullProcessList is the downloaded list which contains all entries..ceshare.FullProcessListView is the searchresult....--]]....local backgroundcolor....local darkMode=1..local windowColor,listColor,searchFieldColor,fontColor, fontSize, linkColor, highlightColor..if darkMode==1 then.. listColor=clBlack.. searchFieldColor=clBlack.. fontColor=clWhite.. windowColor=clBlack.. linkColor=0x0000ff.. highlightColor=0x00ff00..else .. listColor=clDefault.. searchFieldColor=clDefault.. fontColor=clDefault.. windowColor=clDefault.. linkColor=0xff0000.. highlightColor=clDefault..end....fontSize=12........function getListItemData(index).. local width..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3720
                                                                                                                                                                                                          Entropy (8bit):4.600809001198686
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:5JPi+sMwj8PiwwVtZw/FHesmsd6e2g8Qp18RHB0vjjmmNDARNbMymMNPuZdMUX28:5J6+sd4aw2ze/bPWh0RNaoy5uUY2hrEF
                                                                                                                                                                                                          MD5:65C8D4EDDFE05267A72EAE3DDB2CF02A
                                                                                                                                                                                                          SHA1:EEF2928D355C8B669F8854DA37162BA1FE32740A
                                                                                                                                                                                                          SHA-256:15B0C7682E5E8D2E2C2B8CB00C0C03B7DFA9439AC80C37F8E96A4F86652246F9
                                                                                                                                                                                                          SHA-512:1C151D5A44482362430FBC6ED4550671AD96E768942E4EC2A4C487182BED9D0326A0D40A1AC43F2C8A3DE1E18E33B055CE7126D80FEE9B5B7091ED83A22A41AD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--Responsible for editing permissions on tables and changing the owner....function ceshare.ManageAccessList(entry).. if entry then.. .. if ceshare.Permissions==nil then.. local f=createFormFromFile(ceshare.formpath..'Permissions.FRM') .. ceshare.PermissionsFrm=f.. .. f.OnDestroy=function(s).. ceshare.settings.Value['PermissionsFrm.x']=s.left.. ceshare.settings.Value['PermissionsFrm.y']=s.top.. end.. .. f.lbUserNames.Width=f.canvas.getTextWidth('this is a very long username wtf').. f.lbUserNames.Height=f.canvas.getTextHeight('QWERTYjkl')*10.. .. f.lbUsernames.OnDblClick=function(s).. if s.ItemIndex~=-1 then.. s.Items.delete(s.ItemIndex).. end .. end.. .. f.btnAddUSer.OnClick=function(s).. local name=f.EdtUsername.Text.. if name~='' then.. f.lbUserNames.Items.add(name) .. end.. end.. .... local newx=ceshare.settings.Valu
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10057
                                                                                                                                                                                                          Entropy (8bit):4.490014854752693
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ejQ2511mA/SZ1aHe768NxSnLuYd42QRDwdmxst8mHWVZyjqb/9rPj4Y8JYs5Rjkc:eH7eeeBJZhbN0X1R
                                                                                                                                                                                                          MD5:607A7C1AB93026D94916F21779D0D645
                                                                                                                                                                                                          SHA1:3D5A64B256FC44086E6E190EA0BC45B5999E1979
                                                                                                                                                                                                          SHA-256:EA61EEA6289C2FEBA7B7D0CC24DB5277E383102F24784E6BF7254AF41829599C
                                                                                                                                                                                                          SHA-512:D6749E2DBE46466A1CB1C464CE3F237836EF6B572EF897C7F5C9D12F80A6C0C7A5DFEA54C3499A91E14B29C8BBF0809CCE433C379F9E5DC0072E436F641C59AD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:..function ceshare.GetCurrentProcessList().. ceshare.currentprocesslist={}.. .. for pid,name in pairs(getProcessList()) do.. local md5name=stringToMD5String(string.lower(name)).. --search processlist for this.. if ceshare.processlist and ceshare.processlist[md5name] then.. local e={}.. e.pid=pid.. e.name=name.. e.md5=md5name.. table.insert(ceshare.currentprocesslist,e).. end.. end.. .. return ceshare.currentprocesslist..end....function ceshare.DownloadProcessList().. --Downloads the processlist .. local i=ceshare.getInternet().. local processlist=i.getURL(ceshare.base..'processlist.txt').. .. if processlist==nil then.. return.. end.. .. if processlist:sub(1,1)=='<' then.. return --it returned html code instead of a md5 list.. end.. .. local f=io.open(ceshare.path..[[processlist.txt]],'wb').. if f then.. f:write(processlist).. f:close().... synchronize(function() ceshare.settings.Value.LastProcessListDownload=os.time(
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21455
                                                                                                                                                                                                          Entropy (8bit):4.719034004905997
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:K3KK7BDUUhaWlvyDep8IcDsfUPrBUpJRg:K3hDUUh3Kqp8X9UpPg
                                                                                                                                                                                                          MD5:87CD08B16891E0DBE3D47BB71CA91691
                                                                                                                                                                                                          SHA1:55D98338B4AA0DF3566CD2E721B3D3F86A3836AA
                                                                                                                                                                                                          SHA-256:6BFD35AA64AB566DDB68D0675AD3B4A093649010A9C30DF3A30A7F9DC2ED7702
                                                                                                                                                                                                          SHA-512:847BECF1D3066A3E185001035B68496B91876BDEB323734782C41FC9B2BDF665BF33C728CEBBE78E820654D87B1969C09B5D1FAED7498538CB5F761984108614
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:local function isWindowVisible(winhandle).. return executeCodeLocal('IsWindowVisible',winhandle)~=0..end....local function getBaseParentFromWindowHandle(winhandle).. local i=0.. local last=winhandle.... while winhandle and (winhandle~=0) and (i<10000) do.. last=winhandle.. winhandle=getWindow(winhandle, GW_HWNDOWNER).. i=i+1.. end;.... return last..end....function ceshare.getProcessTitle(pid).. local w=getWindow(getForegroundWindow(), GW_HWNDFIRST).... local bases={}.... while w and (w~=0) do.. if getWindowProcessID(w)==pid then.. if isWindowVisible(w) then.. local h=getBaseParentFromWindowHandle(w).. local c=getWindowCaption(h).. if isWindowVisible(h) and (c~='') then.. bases[h]=c.. end.. end.. end.. w=getWindow(w,GW_HWNDNEXT).. end...... for h,n in pairs(bases) do.. return n --just hope for the best..... end..end....function ceshare.getCurrentProcessTitle().. return ceshare.getProcessTitle(getOpenedProce
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):25075
                                                                                                                                                                                                          Entropy (8bit):4.523124761905836
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:RYDUUhQNWv2rzc3lytSv5ooI0/r5cCAn9zZMf4gybrby15VZ3faxLao0iH+WpeCC:uDUUhQ0OrbBKGYU63
                                                                                                                                                                                                          MD5:623B89F1E13C54A1F560B254317948B5
                                                                                                                                                                                                          SHA1:B90E2DE7A5CFF0B14738F2FB4F6A3A4E1EE1A17C
                                                                                                                                                                                                          SHA-256:0C6E90C2525F1560ACEA3F4BDAE056D11DF1C2F675C2335594DC80BB910A1B17
                                                                                                                                                                                                          SHA-512:F80CD50F860A5F8D5C6D6AB7BA8691B443DA91573F3F0FC8D5B82B79556C5AC02ACCC610870EA61A886ECB8A4491457965D082F8F41DF781DED1DB84F7157A3F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:function ceshare.enumModules2().. local m=enumModules().. local r={}.. .. for i=1,#m do.. r[m[i].Name:lower()]=m[i].. end.. .. return r..end....function ceshare.QueryProcessCheats(processname, headermd5, updatableOnly).. local modulelist=ceshare.enumModules2().. local result=nil.. local parameters='processname='..ceshare.url_encode(processname).. .. if isKeyPressed(VK_CONTROL)==false then --control lets you get a new script if needed.. local secondaryIdentifierCode=ceshare.secondaryIdentifierCode.Value[processname:lower()].. if secondaryIdentifierCode and secondaryIdentifierCode~='' then.. local value,param=loadstring(secondaryIdentifierCode)().. if value and param then.. parameters=parameters..'&secondaryidentifier='..ceshare.url_encode(param).. end.. end.. end.. .. if updatableOnly then.. parameters=parameters..'&updatableOnly=1';.. end.... .. .. .. --local r=ceshare.getInternet().postURL(url,parameters).. --local s=ceshare
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5622
                                                                                                                                                                                                          Entropy (8bit):4.880391114169657
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:5cHxYq8COheJHVFvNmAYVL9rAaDu+WYtUX8T794B:5cLJHVF0AGBli+LtcYSB
                                                                                                                                                                                                          MD5:6CF99831E2AAAFB97E975EAE06A705FF
                                                                                                                                                                                                          SHA1:B6E71F7D3C779575598B65A6E4FB341344A3DDD2
                                                                                                                                                                                                          SHA-256:E9D57ACB17502AC169DEB37F211E472F68CD6E8A69E071D384B989FA45E9FA7F
                                                                                                                                                                                                          SHA-512:F6467C4C9DCAB563DBB5A337C76616208D1A1058D704B222E616E5A0809A156B1A29198919F4BF0D40C55A6E972439722C02AAC8A156C53572B6D7EF80986405
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:function ceshare.QueryProcessRequests(processname, startindex).. local result=nil.. if processname==nil or processname=='' then return end.. .. local parameters='processname='..ceshare.url_encode(processname).. if startindex then.. parameters=parameters..'startindex='..startindex.. end.. local s=ceshare.QueryXURL('QueryProcessRequests.php', parameters).. if s then.. if s.RequestList then.. result={}.. .. for i=1, s.RequestList:numChildren() do.. local request=s.RequestList:children()[i].. local entry={}.. entry.ID=tonumber(request["@ID"]).. entry.Username=request["@username"].. entry.Message=request["@message"].. entry.Score=tonumber(request["@score"]).. entry.Time=request["@time"].. .. table.insert(result, entry).. end .. end.. end.. .. return result..end....function ceshare.createRequestPanel(request).. local panel=createPanel(ceshare.RequestsFrm.MessageBox).. panel.Align='al
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (8956), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9023
                                                                                                                                                                                                          Entropy (8bit):6.421978633663277
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:bmmNyxgIf4EwW+rLEUeD0qdYKjj4vxs78t+ojoFv3VU:bmniIf4ERWrPM+O8zjoFv3VU
                                                                                                                                                                                                          MD5:D4F5FE5A2F5FEEB3D97B2FDF4AE7E6BC
                                                                                                                                                                                                          SHA1:EEF59C5A8AACD86F993E2BB3F8E5892817A9F7EB
                                                                                                                                                                                                          SHA-256:9CB25C63AB41BE2BA3984DF20686DD27BF937E029EBFAA56EBE88BAC6DFC53B6
                                                                                                                                                                                                          SHA-512:B00E9467A5203B04A958A69B20152AD5907E5337A43E3FF8F9209A01D7874DD477BB8596E93B3ACAF7354EE7CE76E742F4A72F598473A9C8CC36BBDBB240BB43
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmCEShareCheatBrowser Class="TCEForm" Encoding="Ascii85">wR#CWlw0]!JBwM2C0mxHv1BJor9!e#+^)IR4PFdmhMBQtR{#urq9RgV#kEvaQcTH}rPWf1D1?=9ma[cDQq/,%]{:,V_93t!=;px[:Q,;vJ/mDkeU6R/0GJu.C=L%:wROl8(-E?8Pfcx8H#]N?bOZ4.4GP)h3R2,upbHJ:14Zb81Xnj23:4(sk-cDF047U/GtCXA4##MaDb64T:R[t@F*WS+)+P/B@fUlTJ@*e@==oe!NeI;jme=hpESf_DNTU7Zh+_vqgCT%oh-8c;fkf2OU2#DQDDXpwtH8Vv({A8z[7MrLBqS4[$S7yl0DVECkq-?_AQ6tfhGY];YmZlf-,Dxu.T=[Um4E@Zo$KQr7dl[KE3V(1a(jY6ObO25ycqJDWD/:,CL)]I$Foep:;G5Zi[+iEq:#aE5k3LnTr^Am7v70La,O}s^%JZEV,z;]q+6)EPjENJnBg80O[NL^Q(1}pWg_Kgm+?-]bpIgnqDox95zIdz)ReCFgG^55J:a!fvH2n;(H$?w1SS5nLd@aPmpteX^-zFQUL69JW/db]P)/Ga%uxSTmwywM@Vj.^ROMZ,HJR7t?80A7o#HnRe9QHV1@*/.C6eEG^E86R?kM-Nmms1FM:mm.VwmtAj2Z.qW4-_r?39}e3h%MVhB4sCL=2HQl=^U0:R,f#5*OmtpN3}LBhZN8l9LR9*kqMGB1S).G:$Y?jC}x51g9k$hgE5qOr6M-A6+=/m4wRzq*-[TSOUoz@a2=[B-*a]0A%%!O(MbxbY9{;zA6oJGu8l4b8:fE3R#s1u1[F(EKwW*0JJWJ.LIojsc2R]hF=rUBIq/vh)a5ay=ngpLm3j]/v9.clnID.HX.!N({b8}-y$V=MfgC@W7m]xKm=H{U#bb^MW*aIU@
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (1145), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1212
                                                                                                                                                                                                          Entropy (8bit):6.394471687276162
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:2dqQ7rMmbWa4nYCr0eZK8kNIkhXKLBq0IykSiHqVMywpvh:cqQ8ha4v0eZ9kexM+kP6Svh
                                                                                                                                                                                                          MD5:CD4D7AEE15163AB407B4F18D8F93DCC3
                                                                                                                                                                                                          SHA1:676E3EEA53646F221DCB4C9B7DCC2CB5315F36BC
                                                                                                                                                                                                          SHA-256:D8DE8120C14DA094FEDDB24C46C3E729D99696CCCE9C2D479797FFBBF34BD20B
                                                                                                                                                                                                          SHA-512:17EDE3DB62A9D2ABFB8D2715E5ED816A7BADF1EB7EAD79E5B48AB6DB7DCD8215B40CDD03D4A3CFD5EDE4567FA5092D9F7406FB25BC82DCAA26CBEA57C2207F69
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <ceshare_frmComments Class="TCEForm" Encoding="Ascii85">t)DDk,cpr#A/7c=p(aVCac_YJC*M=gGd/*Y)eX$#io:=Udus-wRuV:apn#yqb]QPxJ@Bc{[m*dvqKCdmL4qHm#,r26oJcGdi}s)10sLwsGz,fI?XUXGC1m[Of?Do3ykE-L7jX/,B{Y=Os]l9Gj*AV$s^Osyo^4Sy-s:2F7i!(p*p/6I6ukpqa3ux9cKimCgsi_D3Aq3^i3Cr*-kgRHi2@.zQ-po8RaEfqNx4m5$i9RRDI[ZC]HX5=wV]Lm*qa/d(:sH27:mEZ^sXyFe_ift$pYf?!P)(D.0)F5Fw%0@NZh-HApM)XW1%vckF6^j3st$Cj*i/I77^s[?JK=Y(uSevX96A1YMnHVVJw7NJ1=5nnIzGM?_AO^MXINRH*o3AO:A)fGh^k;Y!havbbP@t#7?L6VM$V@yg+lwtK4kcGctdhRl!0C+{BXD.lO%Dt?1$:iN+5r^?JRK*Ekb3QX,Ooa0l#dszBoI^O)$CXcWw1d-bX^v^2S+Zy++]le]%6Xf0$(7m):}lwH*2[,^.,#Z@8Io3m?USLYYUO@57?9g._,[[UtA$rM%r?Lcf[[}NVD!L0bCjKXbiBZJZ_QNGHX;zjh*Z%5dyPrMG/:$S6rWd4_Ja#c3jm=-Gj9Gq{VBHcCv6ZDIwF@g/JZ]$%OmVMH,nxNKhE7(2hP!Xxi=(#ks?ReGZ9Wo[zV9zw#K+AjrX;xvXfPVwdLCAHLx[(AX-K$/C$Am8eLAf(5%TGrov.OXZw0[:0R/c4+XI?/@Ua7r+e(JqeAp;)t,:z^Znr7a^9I6Kfp0]ZiaUG6P4ybW^Tr/dg=HxRIPX7x^!_P//Yp:Nu*BEcHz3?NM!(z#dmz/-=jZ(QkFVEb,0e9$F]#Lbl(x6$/^Jlc;ZI1Bk0@u*+5Zc33
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (1222), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1289
                                                                                                                                                                                                          Entropy (8bit):6.4066800193563065
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:2dIQ7TXr3F7R/8TDt3E/IlGZ264FeZqE1OieF5MiVM6wJAHWMzX4i0pdp:cIQHr35MMIlGZ264FzIjQ5jS2TSpdp
                                                                                                                                                                                                          MD5:23CC858DA49A7BDA9E9FE3ABF8D86D1D
                                                                                                                                                                                                          SHA1:9D869496104ACFFF0C5CB572628085666DC53486
                                                                                                                                                                                                          SHA-256:D5786540891C411BC34A5505A6CEE0E747DF2E5CD410ABFEB94E6D4169C85069
                                                                                                                                                                                                          SHA-512:B5650AB1AE463F97F5681DD3FDFF7015C963703A7437AC5F71A158F3E0BDC045E69151897D0EC75AA9DD4CCAC5475E6E492CE46A296BCAB8C4C329720E3C002A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <ceshare_InitialSetup Class="TCEForm" Encoding="Ascii85">wN:e-,eQ$kD9Ms,:TOJVp^GGFDT-EToc7S1YS9iF+scsqg?Im+B^;qeS=.pCOS_er@cngXeS_z#W_tHdx*PcO:s@)oZ_3^H]F8g0FbL,=uf874qw]lv:f=={jA^Jkwd9sFF,+Dxy-Qr!=$6:g56G99=M@z}xhlH-PXCstHtT-YAD*)0(G.WU8bqwHT+/vB)fQ0pf.tlTP:{G:C}Xtypc:2@1Vh4c$zl{4]v1949uDi:A-L2b*R^l,[fG_1%0ZtAnm=K-ouZx/Ea7rFu1,=Ho}^ukD$h$owSu2,E=+v8*10*C5:xUA_3GlE6,!SZ2.@i1lnOPi0fRLjLIEpP!aWxPVgwco1goGdgkmW$nL=]Wr5^8YG7EFJ#lS,VoZ^3q1B3bw@?d*H,3:Q--D+}hws3sW:Ggr!?FcU3AbI#[CkW2CNd*6L;X$Ij(:4oWXEUzTuL]C}]3kEUyXBQ%mC6FK#1xc/oN.OCN27Q{2eBr8E_*Y3g.u^{V!!m-NCo#yYbGfy9o1,GB?K@-tFXo.*2Y+(f@a7e:]SsC1518}atv@G6]exl.2Mxf8A/xssVV*ZOU==*SZK}HeWy8;,+r+lWm5}kp[cwWQ%w}$vLy4RtQiO^-vF2XJ66[G=X+*HoFXm_Rnn8R^uH6qt4I5f[OAspgC03ctUvBJ5]QAF(g[*aupmT;QqvYqnSLv_:4i$^eQ-cNh+Tb^iTeF8iEBTS9UoZ!bMJ:lYd0KyfEymSCvSY1.r=rj]T80S$.4B*DGVw^UNh,);HnWUJ)WqO@o+zILXIP%uay__r.h342dnO5Fk)hW^)e2#EEB?!Y-9JM[Ih*A.;%L=yKmS1E/Ew:=r]1i^th/n=vpl8CsXgZJy+pHd.1f-LoqE0-e51j]%y]3b.Iz
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (1189), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1256
                                                                                                                                                                                                          Entropy (8bit):6.4186272262096935
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:2ddlQ7Be7XyJpQUDdX+ZdEjY6JFxhiVFtGgtkyO3FwBod6cGcNNnpvrAJX:c3QMOJpQUd+Zq1FnsPtKW2RNNnpMh
                                                                                                                                                                                                          MD5:7FFD1E1B425636CFA08CDA89429C69A6
                                                                                                                                                                                                          SHA1:EC6A75FCA2BC4F2E8CB7AB9644D1BEDB1D686221
                                                                                                                                                                                                          SHA-256:44E9BC08A3F919DA8689C4703E77324568F3902E95F8F3F92CCF234BCF7BF649
                                                                                                                                                                                                          SHA-512:DBA72B7A8F1A3D72101E4F735E0CEA1BE8E72236A81E6FC2CE18E7F93715B5C1F21AA384790C7E0097A23AEB6D52E954CE7C7ADF7C6189A855DCD6FADADE7C9B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <ceshare_permissions Class="TCEForm" Encoding="Ascii85">y[U.z):Zf/9oey,ro#-q)5,Vt!!R9S$+xJ8X]!W:I*x=3[Gx3HNEut^g*J_?8=a(32Vu,0?Bqk]uNgV+l+:lPk0t(8cXV]gv#M#M.o!M7;hBF$G,p.09@)i.%pjVEaU3!l8.5Yl@]E-A58=Tk;z_N5Vl){FtNlI/[+gfPy**.]4L=Jt,hb7x)Sa_/byvO6y@c9dkATj#EadWQ0,#K=Zb.9=Qy/T]SjAjBoduYKGb_Tg=UN8FFP81f_HZ097Kh1L;%ok/egr]KA]FqXBHSE=G4HXfF7Zxdh$x.y^Ah;zV-}q#0EwmTKBGKh#A,X3QiwLosIXTAS3FL4f+[e;t@P(wYjtoO@%(:DnqoqBPU(mQ+bgZ.H,R_GBjA)JpE#U35lq/yNP:2M?K/XsgEPavz[Kl.dRTuch9G0T^[Z4M3*w3Ng0fr}X%B]Xft0(rc9_%!=fj]?kFa-}3]d%#B]MzvLf)ad:ZKmJRVg-bvc*th$K^l@%4n*x#ko!rJxO4pi.UG{%aT+X-8P/xh;0i3[ZFU^6KV:-wvw7r.%M0{5SQaf.OmITL!jq.jI?U%xZ)-Afl%3JghiI,lODnTq!yB!,B{PUj0Bq25omjJVV721^UdJG*NCw%q{rnTmsU;pX[YLxUI1GVEz4WQwy0oR7/J{COUYI2Gdrn8;.bWfM-FyJSNvXOD1(lm7]c8Y*o+0[w@T*BsEVkNj1G3YvRcyQ,7-F(RPK[3AgLnZXMN$D1=WwA(v8gkCu(bGlm_nhUy5w9kcb=GoWK)3g@b%_-sSLHNX,BR#I[.[sPvFZZ1P}_9^yb;s,g3=$bIZDPevhiSw3;9[s,+^$AxTx%6z:ed/;T7Bb_Q1L+6Wk/@NAQ^:Apm:{0USE[:-(;oqsG@%}]dD33q:
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (2354), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2421
                                                                                                                                                                                                          Entropy (8bit):6.429603749104613
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cFQ46+MhmKUEJ4Luu8nEq61PwmKekYxRfEQWtJSmhfQl:M0hm9o41bpPRkoEfScIl
                                                                                                                                                                                                          MD5:D6FCB383A27920083054DD42003BEC4D
                                                                                                                                                                                                          SHA1:3941A986929680D50B8B74E61323D1D6C20AEC27
                                                                                                                                                                                                          SHA-256:A8611471651393E17090167C5B6CADE46EAE9FEE8841DB0816BF36A4F43FBE16
                                                                                                                                                                                                          SHA-512:405CBB3823344BC321E135C8084710352506A342FF22A2C356B0629EB6E929AC44C0098BD6E90256BC0814A7693D367E6E4AEA8BF277B122654E19A185D52938
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmCESharePublishCheat Class="TCEForm" Encoding="Ascii85">y.*6f8${pi=/W3.*1,zArU6k,d!d!ufQl-ls,Y!fNFZO-X-g#{G,vLhtBhx=-Ekaq/H#SVsCq+c68]]WTsU(!!kr5zeg+IBtoO@iYsXEHBFEnOc.Dxp:Xq!Lokuq]=eJjp/I-WRzR8]:wYJl#*f+Oe$U)13ZP%)/1dEv,)iX:3LUD]ON0u/Ex@c,6#@2iP3%eyO.{5/3xF;kS^,3j#8^BCTXWQh:t/E;=#:sS%vrAY^E7fpU+qjxY^K=TC:[Aj:e2v/KiD3S!]aPUpD{#eOxJl;(ZPEjWo5XeZaEDxb%uI[r4ZB68kLxwggu]iRcE8Vvb2V%Qe{l#a)h]w5uEcxE_D[6cof/em91pub/3raMC35_y0/LdgQD[?oY{*K-UG*uc(ihsvSb11IfT%K2/CHsPO[L$tB@@HBc_u(%vAq#laLPXVPcje%=O9khxDdRv8n!-[XcFOCNj4^jUk{@WgJ66SR@^2#op]K[rGiJ3ABHsfT]#E[-0CbohNdDumLp2_+t1v0$7*[{IUZK8RiC+E:3L:mn,bP*+Jl2b,[/!3Gvcl^gae*3Lh+7WqR1i,)dHT@xJfs#/Cco93s$W1A#UzVBS5YOp$(l?p/k*M+B!!,U}M%mWL+(7oCP_-jL-,!3#8if7buNv#]k^w@hW]*su6=/UP,%lQ+(KLH,nEDbMsZQoM:r5APbS%@i+u-Bg+E=h)!JNw2(Crhq+@z@J4OE!ROQ*E#Q;TrjSKpQd*{hNlLi95]U)}:.gT$azf}S50ICN(67RONGv)(Yq8w*Mhl5l(=+po74x}KV1Aa%ihg8*GGZL+p[rk=qM#3n?kNL/ph)HLzLF5la70LdE#h[s,@%6{5{N6C2rQF0DwdOiIv5KoEz8apm7gJE_G],m1w
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (869), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):936
                                                                                                                                                                                                          Entropy (8bit):6.410328130247008
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:2d3Q7M2RqjiEC8Fpohhnh13sAy/jtaos59:c3QAkqeP0poh1b3Ivs
                                                                                                                                                                                                          MD5:5AD30685C039C115C346D24223C3EAE4
                                                                                                                                                                                                          SHA1:814C5B02040E87906E7A64F4355B8A35101BDACF
                                                                                                                                                                                                          SHA-256:BD3E07DECC17007796403191246AB0F3585F51532FBF16D496E541C3107D7E0E
                                                                                                                                                                                                          SHA-512:DE29C279573C7CC542E8A9AC427594E067D47DE390A7D41AC2E7CCDDD646550B5ED6D2ECAE39B2C7B798649B6D61BA5BD259FD0A8814D35B508D3AE96DD19BC1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmCEShareUpdateOrNew Class="TCEForm" Encoding="Ascii85">os;.-):Zgr6,4OTNt(59EwId?!-7TO0xTN0rObpT#G!1F=Uz]?kvx+pOgRb+ZopkQ0?q-NY(l9{LORopKlDEI-tYaTk4:OoqpLU0#J^^@d}q]63.!{mFo#cBj3o@D4Xo,_m]eM:Ze9bKCDQ(=vnMRGzt/X^Nh{ll)r*z]kAc6B7!_E^NP;GIVetXz5..E3Bw?7K)HUQ7%P:J)Y5OSwDox6k^$FQwM?+1B(go//h(TZCl@Hl^sagj[$Xfy^H?**^z+0Orr%{RqKw]+=J?XlroTW{/xT3(MHda-+F{gg_H63l,@S9$,!TU?}ws@j:j]LzG$(ah%O8AS7T]!n.kB1]-qabY6+MM(dz{9KW[pR.d9HQ00b7g7bc@:@4d9kC5:Q:Yw)sKwh91%J?)@/RQi$#c4cYKyE7gTg:=*g%)fP4eb%(IXVG6lW8b%S:fG{V$Ssq]VceTw#=)(x*gpYAPip,0)q#+l${P,9hkYP,*rWJVz[vwlU$d(fyUAQXgmaIG+0kV2HZy6zZoJf!Kp:Z*D*uY2wUhr@tRRr7KY1?b-x$GsC^$QYLhwI@d76V[iUrqqb!NfOh;=eSWt#dJ}G//H$yGwrtZ[C1M1Ri:]AG;7.;6Ub4Yfn:FiseB]@CzbAnlKKf[.+sOAN8cvHE(w*P-ygq])RZorM-+,=9F]6CD6BM}4HruZLtPam3scH_7Tt:}@r_nP_DiIZpNi[ANtE[V0){#_tgS*5DnR}NgZ#4x/mMn9ZX=aL:pJvc:?]p3ppVPTd)B(m?dBoJnLa#GHbUqx</frmCEShareUpdateOrNew>..</FormData>..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (1189), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1256
                                                                                                                                                                                                          Entropy (8bit):6.4186272262096935
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:2ddlQ7Be7XyJpQUDdX+ZdEjY6JFxhiVFtGgtkyO3FwBod6cGcNNnpvrAJX:c3QMOJpQUd+Zq1FnsPtKW2RNNnpMh
                                                                                                                                                                                                          MD5:7FFD1E1B425636CFA08CDA89429C69A6
                                                                                                                                                                                                          SHA1:EC6A75FCA2BC4F2E8CB7AB9644D1BEDB1D686221
                                                                                                                                                                                                          SHA-256:44E9BC08A3F919DA8689C4703E77324568F3902E95F8F3F92CCF234BCF7BF649
                                                                                                                                                                                                          SHA-512:DBA72B7A8F1A3D72101E4F735E0CEA1BE8E72236A81E6FC2CE18E7F93715B5C1F21AA384790C7E0097A23AEB6D52E954CE7C7ADF7C6189A855DCD6FADADE7C9B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <ceshare_permissions Class="TCEForm" Encoding="Ascii85">y[U.z):Zf/9oey,ro#-q)5,Vt!!R9S$+xJ8X]!W:I*x=3[Gx3HNEut^g*J_?8=a(32Vu,0?Bqk]uNgV+l+:lPk0t(8cXV]gv#M#M.o!M7;hBF$G,p.09@)i.%pjVEaU3!l8.5Yl@]E-A58=Tk;z_N5Vl){FtNlI/[+gfPy**.]4L=Jt,hb7x)Sa_/byvO6y@c9dkATj#EadWQ0,#K=Zb.9=Qy/T]SjAjBoduYKGb_Tg=UN8FFP81f_HZ097Kh1L;%ok/egr]KA]FqXBHSE=G4HXfF7Zxdh$x.y^Ah;zV-}q#0EwmTKBGKh#A,X3QiwLosIXTAS3FL4f+[e;t@P(wYjtoO@%(:DnqoqBPU(mQ+bgZ.H,R_GBjA)JpE#U35lq/yNP:2M?K/XsgEPavz[Kl.dRTuch9G0T^[Z4M3*w3Ng0fr}X%B]Xft0(rc9_%!=fj]?kFa-}3]d%#B]MzvLf)ad:ZKmJRVg-bvc*th$K^l@%4n*x#ko!rJxO4pi.UG{%aT+X-8P/xh;0i3[ZFU^6KV:-wvw7r.%M0{5SQaf.OmITL!jq.jI?U%xZ)-Afl%3JghiI,lODnTq!yB!,B{PUj0Bq25omjJVV721^UdJG*NCw%q{rnTmsU;pX[YLxUI1GVEz4WQwy0oR7/J{COUYI2Gdrn8;.bWfM-FyJSNvXOD1(lm7]c8Y*o+0[w@T*BsEVkNj1G3YvRcyQ,7-F(RPK[3AgLnZXMN$D1=WwA(v8gkCu(bGlm_nhUy5w9kcb=GoWK)3g@b%_-sSLHNX,BR#I[.[sPvFZZ1P}_9^yb;s,g3=$bIZDPevhiSw3;9[s,+^$AxTx%6z:ed/;T7Bb_Q1L+6Wk/@NAQ^:Apm:{0USE[:-(;oqsG@%}]dD33q:
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (869), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):936
                                                                                                                                                                                                          Entropy (8bit):6.410328130247008
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:2d3Q7M2RqjiEC8Fpohhnh13sAy/jtaos59:c3QAkqeP0poh1b3Ivs
                                                                                                                                                                                                          MD5:5AD30685C039C115C346D24223C3EAE4
                                                                                                                                                                                                          SHA1:814C5B02040E87906E7A64F4355B8A35101BDACF
                                                                                                                                                                                                          SHA-256:BD3E07DECC17007796403191246AB0F3585F51532FBF16D496E541C3107D7E0E
                                                                                                                                                                                                          SHA-512:DE29C279573C7CC542E8A9AC427594E067D47DE390A7D41AC2E7CCDDD646550B5ED6D2ECAE39B2C7B798649B6D61BA5BD259FD0A8814D35B508D3AE96DD19BC1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmCEShareUpdateOrNew Class="TCEForm" Encoding="Ascii85">os;.-):Zgr6,4OTNt(59EwId?!-7TO0xTN0rObpT#G!1F=Uz]?kvx+pOgRb+ZopkQ0?q-NY(l9{LORopKlDEI-tYaTk4:OoqpLU0#J^^@d}q]63.!{mFo#cBj3o@D4Xo,_m]eM:Ze9bKCDQ(=vnMRGzt/X^Nh{ll)r*z]kAc6B7!_E^NP;GIVetXz5..E3Bw?7K)HUQ7%P:J)Y5OSwDox6k^$FQwM?+1B(go//h(TZCl@Hl^sagj[$Xfy^H?**^z+0Orr%{RqKw]+=J?XlroTW{/xT3(MHda-+F{gg_H63l,@S9$,!TU?}ws@j:j]LzG$(ah%O8AS7T]!n.kB1]-qabY6+MM(dz{9KW[pR.d9HQ00b7g7bc@:@4d9kC5:Q:Yw)sKwh91%J?)@/RQi$#c4cYKyE7gTg:=*g%)fP4eb%(IXVG6lW8b%S:fG{V$Ssq]VceTw#=)(x*gpYAPip,0)q#+l${P,9hkYP,*rWJVz[vwlU$d(fyUAQXgmaIG+0kV2HZy6zZoJf!Kp:Z*D*uY2wUhr@tRRr7KY1?b-x$GsC^$QYLhwI@d76V[iUrqqb!NfOh;=eSWt#dJ}G//H$yGwrtZ[C1M1Ri:]AG;7.;6Ub4Yfn:FiseB]@CzbAnlKKf[.+sOAN8cvHE(w*P-ygq])RZorM-+,=9F]6CD6BM}4HruZLtPam3scH_7Tt:}@r_nP_DiIZpNi[ANtE[V0){#_tgS*5DnR}NgZ#4x/mMn9ZX=aL:pJvc:?]p3ppVPTd)B(m?dBoJnLa#GHbUqx</frmCEShareUpdateOrNew>..</FormData>..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (8956), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9023
                                                                                                                                                                                                          Entropy (8bit):6.421978633663277
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:bmmNyxgIf4EwW+rLEUeD0qdYKjj4vxs78t+ojoFv3VU:bmniIf4ERWrPM+O8zjoFv3VU
                                                                                                                                                                                                          MD5:D4F5FE5A2F5FEEB3D97B2FDF4AE7E6BC
                                                                                                                                                                                                          SHA1:EEF59C5A8AACD86F993E2BB3F8E5892817A9F7EB
                                                                                                                                                                                                          SHA-256:9CB25C63AB41BE2BA3984DF20686DD27BF937E029EBFAA56EBE88BAC6DFC53B6
                                                                                                                                                                                                          SHA-512:B00E9467A5203B04A958A69B20152AD5907E5337A43E3FF8F9209A01D7874DD477BB8596E93B3ACAF7354EE7CE76E742F4A72F598473A9C8CC36BBDBB240BB43
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmCEShareCheatBrowser Class="TCEForm" Encoding="Ascii85">wR#CWlw0]!JBwM2C0mxHv1BJor9!e#+^)IR4PFdmhMBQtR{#urq9RgV#kEvaQcTH}rPWf1D1?=9ma[cDQq/,%]{:,V_93t!=;px[:Q,;vJ/mDkeU6R/0GJu.C=L%:wROl8(-E?8Pfcx8H#]N?bOZ4.4GP)h3R2,upbHJ:14Zb81Xnj23:4(sk-cDF047U/GtCXA4##MaDb64T:R[t@F*WS+)+P/B@fUlTJ@*e@==oe!NeI;jme=hpESf_DNTU7Zh+_vqgCT%oh-8c;fkf2OU2#DQDDXpwtH8Vv({A8z[7MrLBqS4[$S7yl0DVECkq-?_AQ6tfhGY];YmZlf-,Dxu.T=[Um4E@Zo$KQr7dl[KE3V(1a(jY6ObO25ycqJDWD/:,CL)]I$Foep:;G5Zi[+iEq:#aE5k3LnTr^Am7v70La,O}s^%JZEV,z;]q+6)EPjENJnBg80O[NL^Q(1}pWg_Kgm+?-]bpIgnqDox95zIdz)ReCFgG^55J:a!fvH2n;(H$?w1SS5nLd@aPmpteX^-zFQUL69JW/db]P)/Ga%uxSTmwywM@Vj.^ROMZ,HJR7t?80A7o#HnRe9QHV1@*/.C6eEG^E86R?kM-Nmms1FM:mm.VwmtAj2Z.qW4-_r?39}e3h%MVhB4sCL=2HQl=^U0:R,f#5*OmtpN3}LBhZN8l9LR9*kqMGB1S).G:$Y?jC}x51g9k$hgE5qOr6M-A6+=/m4wRzq*-[TSOUoz@a2=[B-*a]0A%%!O(MbxbY9{;zA6oJGu8l4b8:fE3R#s1u1[F(EKwW*0JJWJ.LIojsc2R]hF=rUBIq/vh)a5ay=ngpLm3j]/v9.clnID.HX.!N({b8}-y$V=MfgC@W7m]xKm=H{U#bb^MW*aIU@
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 128 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1101
                                                                                                                                                                                                          Entropy (8bit):7.686753451899311
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:1f3v5+q2UtliFJGJVpHczJCMQFwdDC2oDCtEnPkEJA:Z3/tligVlccMQUDCpGtEnPkE6
                                                                                                                                                                                                          MD5:0212208FD406500388F08BC4189CC57E
                                                                                                                                                                                                          SHA1:79A82F1AC86D6C4BE3C3E4B0A790BFD4E2F6B27E
                                                                                                                                                                                                          SHA-256:A85170D26B9344DCA793C3B2326EC709D2F2D01578E78B855E82B14795B0025C
                                                                                                                                                                                                          SHA-512:33E7E2AE0B3D36D8E909CFFC993E6B36923E8775E780832F5D689C15D04712EA412B62CC709C53128D9ACAD34F1922CB9FEE90304DA2F879BEBEB4F3A67B9523
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 128 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1101
                                                                                                                                                                                                          Entropy (8bit):7.686753451899311
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:1f3v5+q2UtliFJGJVpHczJCMQFwdDC2oDCtEnPkEJA:Z3/tligVlccMQUDCpGtEnPkE6
                                                                                                                                                                                                          MD5:0212208FD406500388F08BC4189CC57E
                                                                                                                                                                                                          SHA1:79A82F1AC86D6C4BE3C3E4B0A790BFD4E2F6B27E
                                                                                                                                                                                                          SHA-256:A85170D26B9344DCA793C3B2326EC709D2F2D01578E78B855E82B14795B0025C
                                                                                                                                                                                                          SHA-512:33E7E2AE0B3D36D8E909CFFC993E6B36923E8775E780832F5D689C15D04712EA412B62CC709C53128D9ACAD34F1922CB9FEE90304DA2F879BEBEB4F3A67B9523
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10057
                                                                                                                                                                                                          Entropy (8bit):4.490014854752693
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ejQ2511mA/SZ1aHe768NxSnLuYd42QRDwdmxst8mHWVZyjqb/9rPj4Y8JYs5Rjkc:eH7eeeBJZhbN0X1R
                                                                                                                                                                                                          MD5:607A7C1AB93026D94916F21779D0D645
                                                                                                                                                                                                          SHA1:3D5A64B256FC44086E6E190EA0BC45B5999E1979
                                                                                                                                                                                                          SHA-256:EA61EEA6289C2FEBA7B7D0CC24DB5277E383102F24784E6BF7254AF41829599C
                                                                                                                                                                                                          SHA-512:D6749E2DBE46466A1CB1C464CE3F237836EF6B572EF897C7F5C9D12F80A6C0C7A5DFEA54C3499A91E14B29C8BBF0809CCE433C379F9E5DC0072E436F641C59AD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:..function ceshare.GetCurrentProcessList().. ceshare.currentprocesslist={}.. .. for pid,name in pairs(getProcessList()) do.. local md5name=stringToMD5String(string.lower(name)).. --search processlist for this.. if ceshare.processlist and ceshare.processlist[md5name] then.. local e={}.. e.pid=pid.. e.name=name.. e.md5=md5name.. table.insert(ceshare.currentprocesslist,e).. end.. end.. .. return ceshare.currentprocesslist..end....function ceshare.DownloadProcessList().. --Downloads the processlist .. local i=ceshare.getInternet().. local processlist=i.getURL(ceshare.base..'processlist.txt').. .. if processlist==nil then.. return.. end.. .. if processlist:sub(1,1)=='<' then.. return --it returned html code instead of a md5 list.. end.. .. local f=io.open(ceshare.path..[[processlist.txt]],'wb').. if f then.. f:write(processlist).. f:close().... synchronize(function() ceshare.settings.Value.LastProcessListDownload=os.time(
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4018
                                                                                                                                                                                                          Entropy (8bit):4.735117902416751
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:5ASgbBrZUxqShyY92Tm1E+J7YYI0+9+DKeRA453wxQRBhqvr5OOeCYBhSj:5ARB2hhPE+WY9+AzE5XsBhSj
                                                                                                                                                                                                          MD5:0D4D1B597712015EF1B0EC8ADC26495F
                                                                                                                                                                                                          SHA1:3584779C06619F545B47A27703AA2F47455D50DE
                                                                                                                                                                                                          SHA-256:89C8FCCC16D2AA0A3004DC1B477A5C1DCBBA539769B2A4558F7C7D9B9809B133
                                                                                                                                                                                                          SHA-512:AE26BBB2C3F74C143A01EC3B296A26699C679D51BC68C8C7B8C460616D1A0AA065500EBCA83E972A720BD7A3C5A7B63A673EAECEF1391A2E717208EF8DA0796F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:function ceshare.QueryTableComments(entry, startindex).. local result=nil.. local parameters='id='..entry.ID.. if startindex then.. parameters=parameters..'startindex='..startindex.. end.. local s=ceshare.QueryXURL('QueryTableComments.php', parameters).. if s then.. if s.Comments then.. result={}.. .. for i=1, s.Comments:numChildren() do.. local comment=s.Comments:children()[i].. local entry={}.. entry.ID=tonumber(comment["@ID"]).. entry.Username=comment["@username"].. entry.Message=comment["@message"].. entry.Time=comment["@time"].. table.insert(result, entry).. end .. end.. end .. return result..end......function ceshare.createCommentPanel(comment).. local panel=createPanel(ceshare.CommentsFrm.MessageBox).. panel.Align='alTop' .. panel.Tag=comment.ID .. .. local pnlMessage=createPanel(panel).. pnlMessage.align='alClient'.. .. local lblUsername=createLabel(pnlMessage).. lblUsername.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6583
                                                                                                                                                                                                          Entropy (8bit):4.856845566130843
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:2m3dOvyXANbHC7jmHmQr2LHymHG21h5rSTW/S4XHhOLOxInDLnrTH2n8ruHqhV4Z:2m3UvyW9mL/N5XYFCoKmo
                                                                                                                                                                                                          MD5:0B5180BD64689788EBEAA8E705A264AC
                                                                                                                                                                                                          SHA1:43A5CC401EE6C4FF4A94697112B1BC1D4345FC19
                                                                                                                                                                                                          SHA-256:8FD38A5E6C0408CA77E0E7A0EE179B4391758EC6DA94EA289E3A2CBC1AB1EC59
                                                                                                                                                                                                          SHA-512:CC26E2E36B93BF89AA16C744B2DB60D855DE616DB7A67F4FB24135545104459338C3EDEAB42BB316B1ECB0DB9E31970B1415A1BF638EA3E53AE31471330AEADB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:..function ceshare.login(username,password).. local i=ceshare.getInternet().. local parameters='';.. if username then.. parameters=parameters..'username='..ceshare.url_encode(username).. end .. .. if password then.. parameters=parameters..'&password='..ceshare.url_encode(password).. end.. .. local r=i.postURL(ceshare.base..'login.php',parameters).. if r then.. if (r:sub(1,2)=='<?') then.. local s=ceshare.xmlParser:ParseXmlText(r).. if s then.. if s.Valid then.. ceshare.LoggedIn=true.. return true .. else.. if s.error then.. ceshare.showError(s.error:value()).. end.. end.. else.. ceshare.showError(r).. end.. else.. ceshare.showError(r);.. end.. else.. ceshare.showError('Login system failure').. end..end....function ceshare.logout().. local i=ceshare.getInternet().. local parameters='';.. i.postURL(ceshare.base..'logout.php',parameters).. ceshare.Lo
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3720
                                                                                                                                                                                                          Entropy (8bit):4.600809001198686
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:5JPi+sMwj8PiwwVtZw/FHesmsd6e2g8Qp18RHB0vjjmmNDARNbMymMNPuZdMUX28:5J6+sd4aw2ze/bPWh0RNaoy5uUY2hrEF
                                                                                                                                                                                                          MD5:65C8D4EDDFE05267A72EAE3DDB2CF02A
                                                                                                                                                                                                          SHA1:EEF2928D355C8B669F8854DA37162BA1FE32740A
                                                                                                                                                                                                          SHA-256:15B0C7682E5E8D2E2C2B8CB00C0C03B7DFA9439AC80C37F8E96A4F86652246F9
                                                                                                                                                                                                          SHA-512:1C151D5A44482362430FBC6ED4550671AD96E768942E4EC2A4C487182BED9D0326A0D40A1AC43F2C8A3DE1E18E33B055CE7126D80FEE9B5B7091ED83A22A41AD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--Responsible for editing permissions on tables and changing the owner....function ceshare.ManageAccessList(entry).. if entry then.. .. if ceshare.Permissions==nil then.. local f=createFormFromFile(ceshare.formpath..'Permissions.FRM') .. ceshare.PermissionsFrm=f.. .. f.OnDestroy=function(s).. ceshare.settings.Value['PermissionsFrm.x']=s.left.. ceshare.settings.Value['PermissionsFrm.y']=s.top.. end.. .. f.lbUserNames.Width=f.canvas.getTextWidth('this is a very long username wtf').. f.lbUserNames.Height=f.canvas.getTextHeight('QWERTYjkl')*10.. .. f.lbUsernames.OnDblClick=function(s).. if s.ItemIndex~=-1 then.. s.Items.delete(s.ItemIndex).. end .. end.. .. f.btnAddUSer.OnClick=function(s).. local name=f.EdtUsername.Text.. if name~='' then.. f.lbUserNames.Items.add(name) .. end.. end.. .... local newx=ceshare.settings.Valu
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5622
                                                                                                                                                                                                          Entropy (8bit):4.880391114169657
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:5cHxYq8COheJHVFvNmAYVL9rAaDu+WYtUX8T794B:5cLJHVF0AGBli+LtcYSB
                                                                                                                                                                                                          MD5:6CF99831E2AAAFB97E975EAE06A705FF
                                                                                                                                                                                                          SHA1:B6E71F7D3C779575598B65A6E4FB341344A3DDD2
                                                                                                                                                                                                          SHA-256:E9D57ACB17502AC169DEB37F211E472F68CD6E8A69E071D384B989FA45E9FA7F
                                                                                                                                                                                                          SHA-512:F6467C4C9DCAB563DBB5A337C76616208D1A1058D704B222E616E5A0809A156B1A29198919F4BF0D40C55A6E972439722C02AAC8A156C53572B6D7EF80986405
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:function ceshare.QueryProcessRequests(processname, startindex).. local result=nil.. if processname==nil or processname=='' then return end.. .. local parameters='processname='..ceshare.url_encode(processname).. if startindex then.. parameters=parameters..'startindex='..startindex.. end.. local s=ceshare.QueryXURL('QueryProcessRequests.php', parameters).. if s then.. if s.RequestList then.. result={}.. .. for i=1, s.RequestList:numChildren() do.. local request=s.RequestList:children()[i].. local entry={}.. entry.ID=tonumber(request["@ID"]).. entry.Username=request["@username"].. entry.Message=request["@message"].. entry.Score=tonumber(request["@score"]).. entry.Time=request["@time"].. .. table.insert(result, entry).. end .. end.. end.. .. return result..end....function ceshare.createRequestPanel(request).. local panel=createPanel(ceshare.RequestsFrm.MessageBox).. panel.Align='al
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12865
                                                                                                                                                                                                          Entropy (8bit):4.882563186282491
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:08NVYz/SCrsKrYrygrL5UHsCYBv2S5OVhxPSidLhHYWZHHYzHuxN5FoXQuHNVcbU:Xod1grbuz9hHYWJaQCHqC
                                                                                                                                                                                                          MD5:665BB2E55E2A13157D1DBFEF05D1B905
                                                                                                                                                                                                          SHA1:408FEA33F574BD0FA9E4CB71958363398E0699BC
                                                                                                                                                                                                          SHA-256:DA6ECCE3DB7D305813FFE80CA994663D43F1068F0FB67399A4C66D1F28684BFA
                                                                                                                                                                                                          SHA-512:8FE95E22680E1E802D0CEEECBBD6B098526468B8CF4D838301D2833247D94E4F3B3A4B76A68F9FAAA2177B42FF2FFEA2DF46EF56A4A0CE501D126135CE8EE985
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:local DPIMultiplier=(getScreenDPI()/96)..local ThumbnailWidth=240*DPIMultiplier..local ThumbnailHeight=80*DPIMultiplier....local DummyBitmap=createBitmap()..DummyBitmap.Canvas.Font.Size=12....local getListItemData,getThumbnail,generateListItemBitmap,getListItemBitmap..local cleanPage, setPage,getFullProcessList,filterList....--[[..ceshare.FullProcessList is the downloaded list which contains all entries..ceshare.FullProcessListView is the searchresult....--]]....local backgroundcolor....local darkMode=1..local windowColor,listColor,searchFieldColor,fontColor, fontSize, linkColor, highlightColor..if darkMode==1 then.. listColor=clBlack.. searchFieldColor=clBlack.. fontColor=clWhite.. windowColor=clBlack.. linkColor=0x0000ff.. highlightColor=0x00ff00..else .. listColor=clDefault.. searchFieldColor=clDefault.. fontColor=clDefault.. windowColor=clDefault.. linkColor=0xff0000.. highlightColor=clDefault..end....fontSize=12........function getListItemData(index).. local width..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):25075
                                                                                                                                                                                                          Entropy (8bit):4.523124761905836
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:RYDUUhQNWv2rzc3lytSv5ooI0/r5cCAn9zZMf4gybrby15VZ3faxLao0iH+WpeCC:uDUUhQ0OrbBKGYU63
                                                                                                                                                                                                          MD5:623B89F1E13C54A1F560B254317948B5
                                                                                                                                                                                                          SHA1:B90E2DE7A5CFF0B14738F2FB4F6A3A4E1EE1A17C
                                                                                                                                                                                                          SHA-256:0C6E90C2525F1560ACEA3F4BDAE056D11DF1C2F675C2335594DC80BB910A1B17
                                                                                                                                                                                                          SHA-512:F80CD50F860A5F8D5C6D6AB7BA8691B443DA91573F3F0FC8D5B82B79556C5AC02ACCC610870EA61A886ECB8A4491457965D082F8F41DF781DED1DB84F7157A3F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:function ceshare.enumModules2().. local m=enumModules().. local r={}.. .. for i=1,#m do.. r[m[i].Name:lower()]=m[i].. end.. .. return r..end....function ceshare.QueryProcessCheats(processname, headermd5, updatableOnly).. local modulelist=ceshare.enumModules2().. local result=nil.. local parameters='processname='..ceshare.url_encode(processname).. .. if isKeyPressed(VK_CONTROL)==false then --control lets you get a new script if needed.. local secondaryIdentifierCode=ceshare.secondaryIdentifierCode.Value[processname:lower()].. if secondaryIdentifierCode and secondaryIdentifierCode~='' then.. local value,param=loadstring(secondaryIdentifierCode)().. if value and param then.. parameters=parameters..'&secondaryidentifier='..ceshare.url_encode(param).. end.. end.. end.. .. if updatableOnly then.. parameters=parameters..'&updatableOnly=1';.. end.... .. .. .. --local r=ceshare.getInternet().postURL(url,parameters).. --local s=ceshare
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21455
                                                                                                                                                                                                          Entropy (8bit):4.719034004905997
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:K3KK7BDUUhaWlvyDep8IcDsfUPrBUpJRg:K3hDUUh3Kqp8X9UpPg
                                                                                                                                                                                                          MD5:87CD08B16891E0DBE3D47BB71CA91691
                                                                                                                                                                                                          SHA1:55D98338B4AA0DF3566CD2E721B3D3F86A3836AA
                                                                                                                                                                                                          SHA-256:6BFD35AA64AB566DDB68D0675AD3B4A093649010A9C30DF3A30A7F9DC2ED7702
                                                                                                                                                                                                          SHA-512:847BECF1D3066A3E185001035B68496B91876BDEB323734782C41FC9B2BDF665BF33C728CEBBE78E820654D87B1969C09B5D1FAED7498538CB5F761984108614
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:local function isWindowVisible(winhandle).. return executeCodeLocal('IsWindowVisible',winhandle)~=0..end....local function getBaseParentFromWindowHandle(winhandle).. local i=0.. local last=winhandle.... while winhandle and (winhandle~=0) and (i<10000) do.. last=winhandle.. winhandle=getWindow(winhandle, GW_HWNDOWNER).. i=i+1.. end;.... return last..end....function ceshare.getProcessTitle(pid).. local w=getWindow(getForegroundWindow(), GW_HWNDFIRST).... local bases={}.... while w and (w~=0) do.. if getWindowProcessID(w)==pid then.. if isWindowVisible(w) then.. local h=getBaseParentFromWindowHandle(w).. local c=getWindowCaption(h).. if isWindowVisible(h) and (c~='') then.. bases[h]=c.. end.. end.. end.. w=getWindow(w,GW_HWNDNEXT).. end...... for h,n in pairs(bases) do.. return n --just hope for the best..... end..end....function ceshare.getCurrentProcessTitle().. return ceshare.getProcessTitle(getOpenedProce
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):50456
                                                                                                                                                                                                          Entropy (8bit):6.548128089503794
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:+B4cf1fqCWPiiyDf+TTmhX2cnX3/OtC2MD0OK9BRbAlQ4z:El38CfKmhXv/Ott20OKvR
                                                                                                                                                                                                          MD5:B02FA5C8EEFBCD010AAAC97A94FF62BB
                                                                                                                                                                                                          SHA1:FD88F2FC529515252CBCAB507F322B080853C38B
                                                                                                                                                                                                          SHA-256:7BD0D77FD790215BB67337F9F210B05AAAB0193D105B8FF86EC422E9875EB033
                                                                                                                                                                                                          SHA-512:1D18CB2CFFBF83EF949C2A34FA28C4E011C623C62CE743C7F320DB1ACFBD41BEA2EA6D3F0D93A34874973FC43367D6562C630F8B7912B22BE7CCC61851001A18
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):50456
                                                                                                                                                                                                          Entropy (8bit):6.548128089503794
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:+B4cf1fqCWPiiyDf+TTmhX2cnX3/OtC2MD0OK9BRbAlQ4z:El38CfKmhXv/Ott20OKvR
                                                                                                                                                                                                          MD5:B02FA5C8EEFBCD010AAAC97A94FF62BB
                                                                                                                                                                                                          SHA1:FD88F2FC529515252CBCAB507F322B080853C38B
                                                                                                                                                                                                          SHA-256:7BD0D77FD790215BB67337F9F210B05AAAB0193D105B8FF86EC422E9875EB033
                                                                                                                                                                                                          SHA-512:1D18CB2CFFBF83EF949C2A34FA28C4E011C623C62CE743C7F320DB1ACFBD41BEA2EA6D3F0D93A34874973FC43367D6562C630F8B7912B22BE7CCC61851001A18
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):62232
                                                                                                                                                                                                          Entropy (8bit):6.014187026705995
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:wm0hfdOrlHVzBkzORZN2UE0TjwNwqGN4cOlA/eQ4z:wNuVBaOohMFOlA/
                                                                                                                                                                                                          MD5:CEFC5C56720CA850CCB20FAF47733BD2
                                                                                                                                                                                                          SHA1:55F25CF4A7DE12607B085E8CFDBA0383F0207E9D
                                                                                                                                                                                                          SHA-256:F107DD69B4115864D289F364FAFC0E045FD3E9FC4BDE5586CE8C1BCF59CC65A7
                                                                                                                                                                                                          SHA-512:1B6FBA56FEAC4F4345B2F6CED82A3DDDACC3C0CB6F49C1D30105A8156B8DE851E34B9E31478C658C60D907C9F26237D2EFB7C2AB85ADB49905FDCCA6349A4DEE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):62232
                                                                                                                                                                                                          Entropy (8bit):6.014187026705995
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:wm0hfdOrlHVzBkzORZN2UE0TjwNwqGN4cOlA/eQ4z:wNuVBaOohMFOlA/
                                                                                                                                                                                                          MD5:CEFC5C56720CA850CCB20FAF47733BD2
                                                                                                                                                                                                          SHA1:55F25CF4A7DE12607B085E8CFDBA0383F0207E9D
                                                                                                                                                                                                          SHA-256:F107DD69B4115864D289F364FAFC0E045FD3E9FC4BDE5586CE8C1BCF59CC65A7
                                                                                                                                                                                                          SHA-512:1B6FBA56FEAC4F4345B2F6CED82A3DDDACC3C0CB6F49C1D30105A8156B8DE851E34B9E31478C658C60D907C9F26237D2EFB7C2AB85ADB49905FDCCA6349A4DEE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):39840
                                                                                                                                                                                                          Entropy (8bit):7.158632953476479
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:3N8So6jKJjZr25rm7V1VaXLkjYr25rm3V1VaXLkjn:3N8FaeF2m7P012m3P0A
                                                                                                                                                                                                          MD5:ED7867296697880928F297914D80F211
                                                                                                                                                                                                          SHA1:1CC9B65D8F94A04EA59B7511DF522FCB68C275E9
                                                                                                                                                                                                          SHA-256:3DC9EA4350E99E6216DA0840C53ED8CCCA39BA7DF7A4146B47AFFCAB128A4432
                                                                                                                                                                                                          SHA-512:044FDECCB4A46EDF37BBEF8E6CBB36AC586A2AA505B34F71977A2E404FFF088A60FF8277D0251B23C7F5D090A337B4CB5AF1FEA1A638B408EEC6F334BC416AD8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):417184
                                                                                                                                                                                                          Entropy (8bit):6.7644491521368
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:CLM9vziuDEVmqU2Im5/P1OhGKexP+gVuQ:lLiuDEV15/tVP+ouQ
                                                                                                                                                                                                          MD5:C5B870CE07DA5206D8A81E139920B7DC
                                                                                                                                                                                                          SHA1:F868450ED5F886F084C00345C75143C65FD9338E
                                                                                                                                                                                                          SHA-256:EB26B38A604CF98B95A39FD249C0771E351061A9894D22284CDFE984E8FC7A6C
                                                                                                                                                                                                          SHA-512:7DFB3E9940EC0D14B42C77483F71274701C46483E65EE57A0853A31F688CC5C3D0C0AF2050229BA196D9BEFF9813F259E3F92EEC9D8352CC0E416FEB4EB1A6BE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):548768
                                                                                                                                                                                                          Entropy (8bit):6.397563059744258
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:7dShHq6xdR8zWUjwmoRb2qORTCKTJ7PYn:Z6xdqzWUjwmr8n
                                                                                                                                                                                                          MD5:4237719534B21BB179480ED8BB23C0CC
                                                                                                                                                                                                          SHA1:A1C8DB76137B6131B7B8FE379841CB3DF62F3B7D
                                                                                                                                                                                                          SHA-256:15EE5851FF1B33E369B43C66D44E3D1452A212C2A37F337B680FE8BD88DF8748
                                                                                                                                                                                                          SHA-512:4ACE9A2CA9BEAF64A3B097922300E6BF46729375CB4DFA4BC3D81B0420FF28CD45C2CFDB9C05E4885DDD39CB6BF160D932BE4711C219302D684D23AFEADB4F72
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 64 kbps, 44.1 kHz, Stereo
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):54895
                                                                                                                                                                                                          Entropy (8bit):7.768231173906507
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:TEzw27ZEqFXUUj2CGLHfwa8OMerCYvLKtO0iEaF:TEzw27LFXXqBHfwa8OsZC
                                                                                                                                                                                                          MD5:C07B2CE2256D4DDE62F92CB684E23C02
                                                                                                                                                                                                          SHA1:1D1A234A9C1BDE7DC32867BEB8197A4BD8C6802B
                                                                                                                                                                                                          SHA-256:3F7948BFADE1F6A4F744580FB825330FB85668CD645CD6EE9F5915742584E932
                                                                                                                                                                                                          SHA-512:E0DEE259BCCF78D8EA64A2C0B7136FE5BC749564E9574DAD496AEEC6BC0DEF460A1CB2D5E63DA7CB62E6A2C31D497A8FF355305C58AA4A4BF9F9EE0C07636273
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):548768
                                                                                                                                                                                                          Entropy (8bit):6.397563059744258
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:7dShHq6xdR8zWUjwmoRb2qORTCKTJ7PYn:Z6xdqzWUjwmr8n
                                                                                                                                                                                                          MD5:4237719534B21BB179480ED8BB23C0CC
                                                                                                                                                                                                          SHA1:A1C8DB76137B6131B7B8FE379841CB3DF62F3B7D
                                                                                                                                                                                                          SHA-256:15EE5851FF1B33E369B43C66D44E3D1452A212C2A37F337B680FE8BD88DF8748
                                                                                                                                                                                                          SHA-512:4ACE9A2CA9BEAF64A3B097922300E6BF46729375CB4DFA4BC3D81B0420FF28CD45C2CFDB9C05E4885DDD39CB6BF160D932BE4711C219302D684D23AFEADB4F72
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 64 kbps, 44.1 kHz, Stereo
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):54895
                                                                                                                                                                                                          Entropy (8bit):7.768231173906507
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:TEzw27ZEqFXUUj2CGLHfwa8OMerCYvLKtO0iEaF:TEzw27LFXXqBHfwa8OsZC
                                                                                                                                                                                                          MD5:C07B2CE2256D4DDE62F92CB684E23C02
                                                                                                                                                                                                          SHA1:1D1A234A9C1BDE7DC32867BEB8197A4BD8C6802B
                                                                                                                                                                                                          SHA-256:3F7948BFADE1F6A4F744580FB825330FB85668CD645CD6EE9F5915742584E932
                                                                                                                                                                                                          SHA-512:E0DEE259BCCF78D8EA64A2C0B7136FE5BC749564E9574DAD496AEEC6BC0DEF460A1CB2D5E63DA7CB62E6A2C31D497A8FF355305C58AA4A4BF9F9EE0C07636273
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):417184
                                                                                                                                                                                                          Entropy (8bit):6.7644491521368
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:CLM9vziuDEVmqU2Im5/P1OhGKexP+gVuQ:lLiuDEV15/tVP+ouQ
                                                                                                                                                                                                          MD5:C5B870CE07DA5206D8A81E139920B7DC
                                                                                                                                                                                                          SHA1:F868450ED5F886F084C00345C75143C65FD9338E
                                                                                                                                                                                                          SHA-256:EB26B38A604CF98B95A39FD249C0771E351061A9894D22284CDFE984E8FC7A6C
                                                                                                                                                                                                          SHA-512:7DFB3E9940EC0D14B42C77483F71274701C46483E65EE57A0853A31F688CC5C3D0C0AF2050229BA196D9BEFF9813F259E3F92EEC9D8352CC0E416FEB4EB1A6BE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):39840
                                                                                                                                                                                                          Entropy (8bit):7.158632953476479
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:3N8So6jKJjZr25rm7V1VaXLkjYr25rm3V1VaXLkjn:3N8FaeF2m7P012m3P0A
                                                                                                                                                                                                          MD5:ED7867296697880928F297914D80F211
                                                                                                                                                                                                          SHA1:1CC9B65D8F94A04EA59B7511DF522FCB68C275E9
                                                                                                                                                                                                          SHA-256:3DC9EA4350E99E6216DA0840C53ED8CCCA39BA7DF7A4146B47AFFCAB128A4432
                                                                                                                                                                                                          SHA-512:044FDECCB4A46EDF37BBEF8E6CBB36AC586A2AA505B34F71977A2E404FFF088A60FF8277D0251B23C7F5D090A337B4CB5AF1FEA1A638B408EEC6F334BC416AD8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1551
                                                                                                                                                                                                          Entropy (8bit):5.315181220757938
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:Z4mZHEKQU5rJeoOIqGSAARYqdVpPaKQ673pD56aLFs6cG4YUXC/ArOdt2qFjQ02y:h5DO/GsnxHsnG7U0ArytNjQMf8W
                                                                                                                                                                                                          MD5:9F6258B7C0FAFDE9B1D0ED44FFEA7070
                                                                                                                                                                                                          SHA1:FDBF716E6FD03BB3D2671F854A997EA46EFAE26F
                                                                                                                                                                                                          SHA-256:D020D9CF2563F8B6021593FA604E9CFBE54BCB8B7361CCDBC220E543A6995045
                                                                                                                                                                                                          SHA-512:DD00A5F40CAA128CCAED782E6ABA697DBD24CA194F051EF1FA542B3ACAAA618E08C822ECEC45EAC4A37FB29C889DC4DF5BB99CA6F328F010C4F4931D88A3EE7B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:....#ifdef _WINDOWS..#include <Windows.h>..#else..#include "macport.h"....#define ReadFile ReadFilePipeWrapper..#define WriteFile WriteFilePipeWrapper..#endif....#include "Pipe.h"....//superclass to make pipe handling easier to work with....Pipe::Pipe(void)..{...pipehandle=0;...InitializeCriticalSection(&cs);..}....Pipe::~Pipe(void)..{...//check if someone forgot to clean it up...if ((pipehandle!=0) && (pipehandle!=INVALID_HANDLE_VALUE))...{..#ifdef _WINDOWS....CloseHandle(pipehandle);..#else.. ClosePipe(pipehandle);..#endif....pipehandle=0;...}..... ..}....void Pipe::Lock(void)..{...EnterCriticalSection(&cs);..}....void Pipe::Unlock(void)..{...LeaveCriticalSection(&cs);..}....void Pipe::Read(PVOID buf, unsigned int count)..{...DWORD br;...if (count==0) return;...if (ReadFile(pipehandle, buf, count, &br, NULL)==FALSE)....throw("Read Error");..}....void Pipe::Write(PVOID buf, unsigned int count)..{...DWORD bw;...if (count==0) return;...if (WriteFile(pipehandle, buf, count, &bw
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):507
                                                                                                                                                                                                          Entropy (8bit):5.260462788158599
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:lb1HAq75T1m1une2Vevm7vmp3jmuWjs5rCTLz:lVBYUwmTmp3jmuWjsaz
                                                                                                                                                                                                          MD5:956C9C67FE3FA489547C1767AFB50EC4
                                                                                                                                                                                                          SHA1:BC76C3E7DF811B582EE153C43B986C8ED107E72A
                                                                                                                                                                                                          SHA-256:65DF81AA1A72667285733FF7515632D7C003B2C21B37D623FC3F6663738137C0
                                                                                                                                                                                                          SHA-512:3FD906CB79B534FC63336005A605EE092FB8B028AD660882C3324F72D794CB1198C13FC23390B1FA1E0E895C1963F293B3411EC4599D67A5B8B8FDFD77840200
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#pragma once....#ifndef _WINDOWS..#include "macport.h"..#endif....class Pipe..{..private:.. CRITICAL_SECTION cs;..protected:...HANDLE pipehandle;..public:...void Read(PVOID buf, unsigned int count);...void Write(PVOID buf, unsigned int count);...BYTE ReadByte();...WORD ReadWord();...DWORD ReadDword();...UINT64 ReadQword();...void WriteByte(BYTE b);...void WriteWord(WORD b);...void WriteDword(DWORD b);...void WriteQword(UINT64 b);.....void Lock();...void Unlock();.....Pipe(void);...~Pipe(void);..};..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1241
                                                                                                                                                                                                          Entropy (8bit):5.56652814239152
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:pPE7K71jtSk8H5IkT6GkTxkBZkm2kp6ckt8Ik/Tkk88W:pPAe1jtTeYQtYZ
                                                                                                                                                                                                          MD5:D602509D20C721D185D08DDFAB72EFD8
                                                                                                                                                                                                          SHA1:A7006EDA0FC346223377188F4941B39BE925E355
                                                                                                                                                                                                          SHA-256:F51DCDB8A36F5784994125E8F3451EA91A710FC844751319E839B448802E7A13
                                                                                                                                                                                                          SHA-512:02D79C2A4C1A175C38E35E08465B4C915FF2F185A10208F36C31B707AAE4E38BDB8E0F04F6DEE231622973ACBE12AD3A0B76EDFFBB69979337833C7E94A36108
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:...Microsoft Visual Studio Solution File, Format Version 10.00..# Visual Studio 2008..Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CEJVMTI", "CEJVMTI\CEJVMTI.vcproj", "{3C30A633-6797-4D59-936F-9A2A8CE79B25}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|Win32.ActiveCfg = Debug|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|Win32.Build.0 = Debug|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|x64.ActiveCfg = Debug|x64....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|x64.Build.0 = Debug|x64....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Release|Win32.ActiveCfg = Release|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Release|Win32.Build.0 = Release|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4789
                                                                                                                                                                                                          Entropy (8bit):5.316244410627971
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:7VupFugSq0HelONyzkBB9SFMJt9Knqk1Nd4Gl5CRTjwn67xahZ9X7s1uvQ8zVYWO:UFupqXdkEFWsnqUNd4GX/6GFo2Y
                                                                                                                                                                                                          MD5:021AA48BED78C67E3A7969BE8BC0BB5B
                                                                                                                                                                                                          SHA1:CCA95A2D7D82ED610245D3AE88DD19C339C402AC
                                                                                                                                                                                                          SHA-256:C9EF523D9ABCAC32BC86CC5E316C03749B64EC4BCE0343289C05E9366639696D
                                                                                                                                                                                                          SHA-512:D3E10547D368D50863CC781E1831C5FA6264FAA9CC64AF6114E7F4E21D361849BBEE0784F0D653BC824079E43BDD8AE8D02B5574520497B07E0022CBAAEF3C32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// CEJVMTI.cpp : Defines the exported functions for the DLL application...//....#include "stdafx.h"..#include "CEJVMTI.h"..#include "JavaServer.h"..#include "JavaEventServer.h"....void JNICALL AgentThread(jvmtiEnv* jvmti_env, JNIEnv* jni_env, void* arg)..{...CJavaServer *s=new CJavaServer(jvmti_env, jni_env);.....s->Start();.....delete s;...OutputDebugStringA("Still alive");....}........jvmtiIterationControl JNICALL initialHeapIterate(jlong class_tag, jlong size, jlong* tag_ptr, void* user_data)..{...//OutputDebugStringA("Tagging object\n");...*tag_ptr=1;...return JVMTI_ITERATION_CONTINUE;..}....int LaunchServer(jvmtiEnv *env, JNIEnv *jni)..{...jclass threadclass=jni->FindClass("java/lang/Thread");...if (threadclass==0)...{....OutputDebugStringA("jni->FindClass(\"java/lang/Thread\") failure");....return 0;...}.....jmethodID threadinit=jni->GetMethodID(threadclass, "<init>", "()V");...if (threadinit==0)...{....OutputDebugStringA("jni->GetMethodID failure");....return 0;...}..........//e
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):836
                                                                                                                                                                                                          Entropy (8bit):5.079968529942336
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// The following ifdef block is the standard way of creating macros which make exporting ..// from a DLL simpler. All files within this DLL are compiled with the CEJVMTI_EXPORTS..// symbol defined on the command line. this symbol should not be defined on any project..// that uses this DLL. This way any other project whose source files include this file see ..// CEJVMTI_API functions as being imported from a DLL, whereas this DLL sees symbols..// defined with this macro as being exported...#ifdef CEJVMTI_EXPORTS..#define CEJVMTI_API __declspec(dllexport)..#else..#define CEJVMTI_API __declspec(dllimport)..#endif....// This class is exported from the CEJVMTI.dll..class CEJVMTI_API CCEJVMTI {..public:...CCEJVMTI(void);...// TODO: add your methods here...};....extern CEJVMTI_API int nCEJVMTI;....CEJVMTI_API int fnCEJVMTI(void);..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10039
                                                                                                                                                                                                          Entropy (8bit):5.118940053099404
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="Windows-1252"?>..<VisualStudioProject...ProjectType="Visual C++"...Version="9.00"...Name="CEJVMTI"...ProjectGUID="{3C30A633-6797-4D59-936F-9A2A8CE79B25}"...RootNamespace="CEJVMTI"...Keyword="Win32Proj"...TargetFrameworkVersion="196613"...>...<Platforms>....<Platform.....Name="Win32"..../>....<Platform.....Name="x64"..../>...</Platforms>...<ToolFiles>...</ToolFiles>...<Configurations>....<Configuration.....Name="Debug|Win32".....OutputDirectory="..\..\..\bin\autorun\dlls".....IntermediateDirectory="$(ConfigurationName)".....ConfigurationType="2".....CharacterSet="1".....>.....<Tool......Name="VCPreBuildEventTool"...../>.....<Tool......Name="VCCustomBuildTool"...../>.....<Tool......Name="VCXMLDataGeneratorTool"...../>.....<Tool......Name="VCWebServiceProxyGeneratorTool"...../>.....<Tool......Name="VCMIDLTool"...../>.....<Tool......Name="VCCLCompilerTool"......Optimization="0"......AdditionalIncludeDirectories="E:\source\openjdk\jdk\src\share\javavm\export;E:
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9131
                                                                                                                                                                                                          Entropy (8bit):5.432032141224608
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#include "StdAfx.h"..#include "JavaEventServer.h"......CJavaEventServer *old_eventserver=NULL;..CJavaEventServer *eventserver=NULL;....jvmtiEventCallbacks callbacks;......void JNICALL MethodLoad(jvmtiEnv *jvmti_env, jmethodID method, jint code_size, const void* code_addr, jint map_length, ..........const jvmtiAddrLocationMap* map, const void* compile_info)..{...if (eventserver)....eventserver->MethodLoad(jvmti_env, method, code_size, code_addr);....}....void JNICALL MethodUnload(jvmtiEnv *jvmti_env, jmethodID method, const void* code_addr)..{...if (eventserver)....eventserver->MethodUnload(jvmti_env, method, code_addr);..}....void JNICALL DynamicCodeGenerated(jvmtiEnv *jvmti_env, const char* name, const void* address, jint length)..{...if (eventserver)....eventserver->DynamicCodeGenerated(jvmti_env, name, address,length);..}....void JNICALL FieldModification(jvmtiEnv *jvmti_env, JNIEnv* jni_env, jthread thread, jmethodID method, jlocation location, jclass field_klass, jobject object, j
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1440
                                                                                                                                                                                                          Entropy (8bit):5.2417448709416385
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#pragma once..#include "pipe.h"....//pipe for transmitting java events like method load/free....#define EVENTCMD_METHODLOAD 0..#define EVENTCMD_METHODUNLOAD 1..#define EVENTCMD_DYNAMICCODEGENERATED 2..#define EVENTCMD_FIELDMODIFICATION 3..#define EVENTCMD_TERMINATED 255....using namespace std;....typedef struct..{...jfieldID fieldid;...jclass klass;...jobject object;..} FindWhatWritesEntry, *PFindWhatWritesEntry;....class CJavaEventServer :...public Pipe..{..private:...wchar_t pipename[256];...jvmtiEnv *jvmti_env;...vector<PFindWhatWritesEntry> FindWhatWritesList;....public:...CJavaEventServer(jvmtiEnv *jvmti_env);...~CJavaEventServer(void);.....void MethodLoad(jvmtiEnv *jvmti_env, jmethodID method, jint code_size, const void* code_addr);...void MethodUnload(jvmtiEnv *jvmti_env, jmethodID method, const void* code_addr);...void DynamicCodeGenerated(jvmtiEnv *jvmti_env, const char* name, const void* address, jint length);...void FieldModification(jvmtiEnv *jvmti_env, JNIEnv* jni_env, jth
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):42621
                                                                                                                                                                                                          Entropy (8bit):5.318768758669348
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#include "StdAfx.h"..#include "JavaServer.h"....using namespace std;....int serverid=0;..int tagcount=0;....CJavaServer::CJavaServer(jvmtiEnv* jvmti_env, JNIEnv* jni_env)..{...//create a named pipe...jvmtiCapabilities cap;.......this->jni=jni_env;...this->jvmti=jvmti_env;.......jvmti->GetCapabilities(&cap);.....if (serverid==0)....swprintf(pipename, 256,L"\\\\.\\pipe\\cejavadc_pid%d", GetCurrentProcessId());...else....swprintf(pipename, 256,L"\\\\.\\pipe\\cejavadc_pid%d_%d", GetCurrentProcessId(),serverid);.......serverid++;..}....void CJavaServer::CreatePipeandWaitForconnect(void)..{....if ((pipehandle) && (pipehandle!=INVALID_HANDLE_VALUE))...{....CloseHandle(pipehandle);....pipehandle=0;...}.....pipehandle=CreateNamedPipe(pipename, PIPE_ACCESS_DUPLEX, PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT, 1,256*1024, 16, INFINITE, NULL);...ConnectNamedPipe(pipehandle, NULL);..}....CJavaServer::~CJavaServer(void)..{....}....void CJavaServer::StartCodeCallbacks(void)..{...if (old_eventserve
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2957
                                                                                                                                                                                                          Entropy (8bit):5.440878996694979
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#pragma once....#include "JavaEventServer.h"....#define JAVACMD_STARTCODECALLBACKS 0..#define JAVACMD_STOPCODECALLBACKS 1..#define JAVACMD_GETLOADEDCLASSES 2..#define JAVACMD_DEREFERENCELOCALOBJECT 3..#define JAVACMD_GETCLASSMETHODS 4..#define JAVACMD_GETCLASSFIELDS 5..#define JAVACMD_GETIMPLEMENTEDINTERFACES 6..#define JAVAVMD_FINDREFERENCESTOOBJECT 7..#define JAVACMD_FINDJOBJECT 8..#define JAVACMD_GETCLASSSIGNATURE 9..#define JAVACMD_GETSUPERCLASS 10..#define JAVACMD_GETOBJECTCLASS 11..#define JAVACMD_GETCLASSDATA 12..#define JAVACMD_REDEFINECLASS 13..#define JAVACMD_FINDCLASS 14..#define JAVACMD_GETCAPABILITIES 15..#define JAVACMD_GETMETHODNAME 16..#define JAVACMD_INVOKEMETHOD 17..#define JAVACMD_FINDCLASSOBJECTS 18..#define JAVACMD_ADDTOBOOTSTRAPCLASSLOADERPATH 19..#define JAVACMD_ADDTOSYSTEMCLASSLOADERPATH 20..#define JAVACMD_PUSHLOCALFRAME 21..#define JAVACMD_POPLOCALFRAME 22..#define JAVACMD_GETFIELDDECLARINGCLASS 23..#define JAVACMD_GETFIELDSIGNATURE 24..#define JAVACMD_GETFIEL
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):410
                                                                                                                                                                                                          Entropy (8bit):5.041995140928715
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// dllmain.cpp : Defines the entry point for the DLL application...#include "stdafx.h"....BOOL APIENTRY DllMain( HMODULE hModule,.. DWORD ul_reason_for_call,.. LPVOID lpReserved....... )..{...switch (ul_reason_for_call)...{...case DLL_PROCESS_ATTACH:...case DLL_THREAD_ATTACH:...case DLL_THREAD_DETACH:...case DLL_PROCESS_DETACH:....break;...}...return TRUE;..}....
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):294
                                                                                                                                                                                                          Entropy (8bit):4.740307510696171
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// stdafx.cpp : source file that includes just the standard includes..// CEJVMTI.pch will be the pre-compiled header..// stdafx.obj will contain the pre-compiled type information....#include "stdafx.h"....// TODO: reference any additional headers you need in STDAFX.H..// and not in this file..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10039
                                                                                                                                                                                                          Entropy (8bit):5.118940053099404
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:VnzWGB2Afbh77fByk+f8bi4n4w4RciFnFwFRyIF:RWGdfbhfB+f8bi4n4w4RciFnFwFRFF
                                                                                                                                                                                                          MD5:9EE34D72F0C9E158FCEBB31CD8878D6C
                                                                                                                                                                                                          SHA1:3F06D5E6E886961AF80FA823E2D52CE5CD0B84D8
                                                                                                                                                                                                          SHA-256:CAFE34E86117A15C4E0B40F12BCBB79CB6EF8F0AB8ED10DEF567357AB11637CD
                                                                                                                                                                                                          SHA-512:FB41AF029142289DE950BA7BC1512A586E9C9E2414F46BB755936637978D40ECA5D8E671369BE61ACD38E841BCD11C264E2DE55FBC087E91B4A7529FFE91A55B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="Windows-1252"?>..<VisualStudioProject...ProjectType="Visual C++"...Version="9.00"...Name="CEJVMTI"...ProjectGUID="{3C30A633-6797-4D59-936F-9A2A8CE79B25}"...RootNamespace="CEJVMTI"...Keyword="Win32Proj"...TargetFrameworkVersion="196613"...>...<Platforms>....<Platform.....Name="Win32"..../>....<Platform.....Name="x64"..../>...</Platforms>...<ToolFiles>...</ToolFiles>...<Configurations>....<Configuration.....Name="Debug|Win32".....OutputDirectory="..\..\..\bin\autorun\dlls".....IntermediateDirectory="$(ConfigurationName)".....ConfigurationType="2".....CharacterSet="1".....>.....<Tool......Name="VCPreBuildEventTool"...../>.....<Tool......Name="VCCustomBuildTool"...../>.....<Tool......Name="VCXMLDataGeneratorTool"...../>.....<Tool......Name="VCWebServiceProxyGeneratorTool"...../>.....<Tool......Name="VCMIDLTool"...../>.....<Tool......Name="VCCLCompilerTool"......Optimization="0"......AdditionalIncludeDirectories="E:\source\openjdk\jdk\src\share\javavm\export;E:
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):410
                                                                                                                                                                                                          Entropy (8bit):5.041995140928715
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:j/ltWmmylAoQw/UkKTQRWDKSRROaAOaWZKSR7Mjoa:rWy7VU9aWGM3wWQMcoa
                                                                                                                                                                                                          MD5:66EFA1B79D7AEF68DFA369074ABC9CAA
                                                                                                                                                                                                          SHA1:67C347B1F2F8712B0CABB60E7E111CA1B3171F38
                                                                                                                                                                                                          SHA-256:542E67D6247001859B6BB38C2AA085F5446371EB2F2385546E12D0BF275DE503
                                                                                                                                                                                                          SHA-512:09DFBE5F7D95BBA3D4B9107C872F8690F6A714888B3146CA3E1468E41588D872EEE68AE8C4CC96B85B73B6F96F450C1D20496D9401BC94932D6F357EE42A225E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// dllmain.cpp : Defines the entry point for the DLL application...#include "stdafx.h"....BOOL APIENTRY DllMain( HMODULE hModule,.. DWORD ul_reason_for_call,.. LPVOID lpReserved....... )..{...switch (ul_reason_for_call)...{...case DLL_PROCESS_ATTACH:...case DLL_THREAD_ATTACH:...case DLL_THREAD_DETACH:...case DLL_PROCESS_DETACH:....break;...}...return TRUE;..}....
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9131
                                                                                                                                                                                                          Entropy (8bit):5.432032141224608
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:reWH42e/J83LkXasXVHMFyWH9MWUnsUeTxtbPYN9:C42RA4VL/RV
                                                                                                                                                                                                          MD5:59529578CDE1AE578ABCAAA331AA4FBA
                                                                                                                                                                                                          SHA1:33AB98509ED784580A259D1B310827C50B842F50
                                                                                                                                                                                                          SHA-256:E3795C3B94C84491A368C78FCBC4076BFADCA038AFE74DA2FA7FAB7415945658
                                                                                                                                                                                                          SHA-512:ACBD3884642E466D29FBE6D6A7337CCBAEC55147EA735098F9E463C6875B52B255480745847C3EFABCBAC72F9B72DD45CF259880A8D4700AFB68C3C07AC747BE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#include "StdAfx.h"..#include "JavaEventServer.h"......CJavaEventServer *old_eventserver=NULL;..CJavaEventServer *eventserver=NULL;....jvmtiEventCallbacks callbacks;......void JNICALL MethodLoad(jvmtiEnv *jvmti_env, jmethodID method, jint code_size, const void* code_addr, jint map_length, ..........const jvmtiAddrLocationMap* map, const void* compile_info)..{...if (eventserver)....eventserver->MethodLoad(jvmti_env, method, code_size, code_addr);....}....void JNICALL MethodUnload(jvmtiEnv *jvmti_env, jmethodID method, const void* code_addr)..{...if (eventserver)....eventserver->MethodUnload(jvmti_env, method, code_addr);..}....void JNICALL DynamicCodeGenerated(jvmtiEnv *jvmti_env, const char* name, const void* address, jint length)..{...if (eventserver)....eventserver->DynamicCodeGenerated(jvmti_env, name, address,length);..}....void JNICALL FieldModification(jvmtiEnv *jvmti_env, JNIEnv* jni_env, jthread thread, jmethodID method, jlocation location, jclass field_klass, jobject object, j
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):836
                                                                                                                                                                                                          Entropy (8bit):5.079968529942336
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:CwCaxHbe4JGywvVwOPGkTAIbDNzHOqMfsqM98DU+V6E:vxHbe4kywBGkTAIfNzHOqMUqM98wc6E
                                                                                                                                                                                                          MD5:20AF26E2AB559DDC6CA1929834DA003E
                                                                                                                                                                                                          SHA1:7AE93554FBCEC9851F68F16A2EAED9C3F299CE5F
                                                                                                                                                                                                          SHA-256:18C5FB7CB71EB7B2D1835CE44B24E09213AA885C1407E4E2401FBD2D74970D8E
                                                                                                                                                                                                          SHA-512:B9FF67E715E0489D761424266EDA7049F40FE38E0EE4F595B1D4B43E6E9F829074827DC4EBBF9FF368BE02A90A9343117930C88ED5FBB8E3D8EEBDA43A857D90
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// The following ifdef block is the standard way of creating macros which make exporting ..// from a DLL simpler. All files within this DLL are compiled with the CEJVMTI_EXPORTS..// symbol defined on the command line. this symbol should not be defined on any project..// that uses this DLL. This way any other project whose source files include this file see ..// CEJVMTI_API functions as being imported from a DLL, whereas this DLL sees symbols..// defined with this macro as being exported...#ifdef CEJVMTI_EXPORTS..#define CEJVMTI_API __declspec(dllexport)..#else..#define CEJVMTI_API __declspec(dllimport)..#endif....// This class is exported from the CEJVMTI.dll..class CEJVMTI_API CCEJVMTI {..public:...CCEJVMTI(void);...// TODO: add your methods here...};....extern CEJVMTI_API int nCEJVMTI;....CEJVMTI_API int fnCEJVMTI(void);..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1440
                                                                                                                                                                                                          Entropy (8bit):5.2417448709416385
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:l+LADzcCjadu1txScPArZXOuAR5qLtmWltXUC/sf4ADSt9:Ra2Sco9XOuAaplUC/sfy
                                                                                                                                                                                                          MD5:94DE75F30ECA367499F6C3CA7905048C
                                                                                                                                                                                                          SHA1:26B550FAC776E0647ECEB2B246086D07DBB1F12B
                                                                                                                                                                                                          SHA-256:289AF20BDC7D004491E224531CE0C267D251AEF5EBAD5F3FED1AF750679F26C9
                                                                                                                                                                                                          SHA-512:4A822471535DCEA02B5DD73CDE60C3965910F5187E0D7E1F1691E0483921DEE6C2B13E9BC3D1EC952186BCCAD6D05E79266C77BBF8060329C71715D3DA9B4496
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#pragma once..#include "pipe.h"....//pipe for transmitting java events like method load/free....#define EVENTCMD_METHODLOAD 0..#define EVENTCMD_METHODUNLOAD 1..#define EVENTCMD_DYNAMICCODEGENERATED 2..#define EVENTCMD_FIELDMODIFICATION 3..#define EVENTCMD_TERMINATED 255....using namespace std;....typedef struct..{...jfieldID fieldid;...jclass klass;...jobject object;..} FindWhatWritesEntry, *PFindWhatWritesEntry;....class CJavaEventServer :...public Pipe..{..private:...wchar_t pipename[256];...jvmtiEnv *jvmti_env;...vector<PFindWhatWritesEntry> FindWhatWritesList;....public:...CJavaEventServer(jvmtiEnv *jvmti_env);...~CJavaEventServer(void);.....void MethodLoad(jvmtiEnv *jvmti_env, jmethodID method, jint code_size, const void* code_addr);...void MethodUnload(jvmtiEnv *jvmti_env, jmethodID method, const void* code_addr);...void DynamicCodeGenerated(jvmtiEnv *jvmti_env, const char* name, const void* address, jint length);...void FieldModification(jvmtiEnv *jvmti_env, JNIEnv* jni_env, jth
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4789
                                                                                                                                                                                                          Entropy (8bit):5.316244410627971
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:7VupFugSq0HelONyzkBB9SFMJt9Knqk1Nd4Gl5CRTjwn67xahZ9X7s1uvQ8zVYWO:UFupqXdkEFWsnqUNd4GX/6GFo2Y
                                                                                                                                                                                                          MD5:021AA48BED78C67E3A7969BE8BC0BB5B
                                                                                                                                                                                                          SHA1:CCA95A2D7D82ED610245D3AE88DD19C339C402AC
                                                                                                                                                                                                          SHA-256:C9EF523D9ABCAC32BC86CC5E316C03749B64EC4BCE0343289C05E9366639696D
                                                                                                                                                                                                          SHA-512:D3E10547D368D50863CC781E1831C5FA6264FAA9CC64AF6114E7F4E21D361849BBEE0784F0D653BC824079E43BDD8AE8D02B5574520497B07E0022CBAAEF3C32
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// CEJVMTI.cpp : Defines the exported functions for the DLL application...//....#include "stdafx.h"..#include "CEJVMTI.h"..#include "JavaServer.h"..#include "JavaEventServer.h"....void JNICALL AgentThread(jvmtiEnv* jvmti_env, JNIEnv* jni_env, void* arg)..{...CJavaServer *s=new CJavaServer(jvmti_env, jni_env);.....s->Start();.....delete s;...OutputDebugStringA("Still alive");....}........jvmtiIterationControl JNICALL initialHeapIterate(jlong class_tag, jlong size, jlong* tag_ptr, void* user_data)..{...//OutputDebugStringA("Tagging object\n");...*tag_ptr=1;...return JVMTI_ITERATION_CONTINUE;..}....int LaunchServer(jvmtiEnv *env, JNIEnv *jni)..{...jclass threadclass=jni->FindClass("java/lang/Thread");...if (threadclass==0)...{....OutputDebugStringA("jni->FindClass(\"java/lang/Thread\") failure");....return 0;...}.....jmethodID threadinit=jni->GetMethodID(threadclass, "<init>", "()V");...if (threadinit==0)...{....OutputDebugStringA("jni->GetMethodID failure");....return 0;...}..........//e
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1428
                                                                                                                                                                                                          Entropy (8bit):4.639223269334076
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:l6u3qiYCydaR3mGlNMPfKge6KgeLTK1u2Pui:n39YdMmG/MPfKge6KgeLTK1/Gi
                                                                                                                                                                                                          MD5:33F3A8E602AC6644AF839ACB3CA10709
                                                                                                                                                                                                          SHA1:0F76681306EBBE5063DA4C93919104D3E0134046
                                                                                                                                                                                                          SHA-256:0CE7BD4B75FCF8800FAFFD3B0A315CBFE7B89271B8705E9216404AF4D737D0BB
                                                                                                                                                                                                          SHA-512:81898FCF08C2EA7817479852771E11A67D766FBA25B4FC7A77D23C993C4274D1C7C66953951051D2952D1B52630A1BA5C5268D7E67C1B9C696CA5EF427E5EC0D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#pragma once....// The following macros define the minimum required platform. The minimum required platform..// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run ..// your application. The macros work by enabling all features available on platform versions up to and ..// including the version specified.....// Modify the following defines if you have to target a platform prior to the ones specified below...// Refer to MSDN for the latest info on corresponding values for different platforms...#ifndef WINVER // Specifies that the minimum required platform is Windows Vista...#define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista...#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):42621
                                                                                                                                                                                                          Entropy (8bit):5.318768758669348
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Qw5oITw/RTdMaf2lBpn/Z2jc/AKJlXCR5A6Qw/iNufJiTTvMm5ETln6H:V1TwU7BJRCZQw/iNuBiTTvMvl6H
                                                                                                                                                                                                          MD5:AFABA48AD9AFA999503CCAAC45DF0710
                                                                                                                                                                                                          SHA1:45FEF1F5289CB3FD353F43EFD13ECE034803C9CD
                                                                                                                                                                                                          SHA-256:E02208CA6EBED1999D9761CC865CE98EABA28966DC32F40B5789733E52783BF9
                                                                                                                                                                                                          SHA-512:66B995A75C6F90177BCE4DCC93783B1409D20B8FF1C318B79B8DD7C8FE6A1DEE2F0AB906F30C5390D1C7B043D4E99717BF6FBC267318932D066721294C663552
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#include "StdAfx.h"..#include "JavaServer.h"....using namespace std;....int serverid=0;..int tagcount=0;....CJavaServer::CJavaServer(jvmtiEnv* jvmti_env, JNIEnv* jni_env)..{...//create a named pipe...jvmtiCapabilities cap;.......this->jni=jni_env;...this->jvmti=jvmti_env;.......jvmti->GetCapabilities(&cap);.....if (serverid==0)....swprintf(pipename, 256,L"\\\\.\\pipe\\cejavadc_pid%d", GetCurrentProcessId());...else....swprintf(pipename, 256,L"\\\\.\\pipe\\cejavadc_pid%d_%d", GetCurrentProcessId(),serverid);.......serverid++;..}....void CJavaServer::CreatePipeandWaitForconnect(void)..{....if ((pipehandle) && (pipehandle!=INVALID_HANDLE_VALUE))...{....CloseHandle(pipehandle);....pipehandle=0;...}.....pipehandle=CreateNamedPipe(pipename, PIPE_ACCESS_DUPLEX, PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT, 1,256*1024, 16, INFINITE, NULL);...ConnectNamedPipe(pipehandle, NULL);..}....CJavaServer::~CJavaServer(void)..{....}....void CJavaServer::StartCodeCallbacks(void)..{...if (old_eventserve
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):542
                                                                                                                                                                                                          Entropy (8bit):4.851662037036262
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:jG0/fS4gZS4pSypyZbRAo9DGmreL5GAxA0jAiVvAihASAGjAz6cMqpcP6v:Fnapa9NBm5Gk/jfv3LBj9cMqpcs
                                                                                                                                                                                                          MD5:3718862895EA61A1A87FEB925092F535
                                                                                                                                                                                                          SHA1:7733DE8657B606A4BF18B844DEA6C500642EF964
                                                                                                                                                                                                          SHA-256:2FD0179BA87126CC35FB41D63FBEBBFBA185414960720B0A3DA652EC3B1AF641
                                                                                                                                                                                                          SHA-512:9357D5C4125F7CE8D2D31A72CFF04BA357565F69E0ED099076572C4E48B2A9E34C077D7462EBABC371952E6F9F48AAC17A1EFEE682573B49F7A7CF9752A41584
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// stdafx.h : include file for standard system include files,..// or project specific include files that are used frequently, but..// are changed infrequently..//....#pragma once....#include "targetver.h"....#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers..// Windows Header Files:..#include <windows.h>..#include <jvmti.h>..#include <classfile_constants.h>..#include <pipe.h>..#include <map>..#include <list>..#include <vector>......// TODO: reference additional headers your program requires here..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2957
                                                                                                                                                                                                          Entropy (8bit):5.440878996694979
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:ayZG0XyeJljj2/1lXdYTpCvLYsdiLYQFtbfmtTZzlLj:FG0XyeJp41ld8CTYFYQFF0
                                                                                                                                                                                                          MD5:8A6C5C03E9FEF26236D765C96CA20085
                                                                                                                                                                                                          SHA1:01C3F3D91B2EB573E0C92BB7B2F656A42A31FB1D
                                                                                                                                                                                                          SHA-256:962F6BA49567FD76AD41C87A10763249C320294A5C971B089E935B864E824AD3
                                                                                                                                                                                                          SHA-512:031FA1505CC5345144247B25A6791A265EFCD05ECEDAB5421215DFD6F30F64E6677EA5B23DF2BCE0118DC865C5C3AA67B704338BE9693663B8C1E26CF27A19C0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#pragma once....#include "JavaEventServer.h"....#define JAVACMD_STARTCODECALLBACKS 0..#define JAVACMD_STOPCODECALLBACKS 1..#define JAVACMD_GETLOADEDCLASSES 2..#define JAVACMD_DEREFERENCELOCALOBJECT 3..#define JAVACMD_GETCLASSMETHODS 4..#define JAVACMD_GETCLASSFIELDS 5..#define JAVACMD_GETIMPLEMENTEDINTERFACES 6..#define JAVAVMD_FINDREFERENCESTOOBJECT 7..#define JAVACMD_FINDJOBJECT 8..#define JAVACMD_GETCLASSSIGNATURE 9..#define JAVACMD_GETSUPERCLASS 10..#define JAVACMD_GETOBJECTCLASS 11..#define JAVACMD_GETCLASSDATA 12..#define JAVACMD_REDEFINECLASS 13..#define JAVACMD_FINDCLASS 14..#define JAVACMD_GETCAPABILITIES 15..#define JAVACMD_GETMETHODNAME 16..#define JAVACMD_INVOKEMETHOD 17..#define JAVACMD_FINDCLASSOBJECTS 18..#define JAVACMD_ADDTOBOOTSTRAPCLASSLOADERPATH 19..#define JAVACMD_ADDTOSYSTEMCLASSLOADERPATH 20..#define JAVACMD_PUSHLOCALFRAME 21..#define JAVACMD_POPLOCALFRAME 22..#define JAVACMD_GETFIELDDECLARINGCLASS 23..#define JAVACMD_GETFIELDSIGNATURE 24..#define JAVACMD_GETFIEL
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):294
                                                                                                                                                                                                          Entropy (8bit):4.740307510696171
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:jGmyXH+5AMRNT15eAbyRFm+yll+5FdllZ+sMKcaGIA0RQbyyeGgLxLELpcxLglON:jGXXHJYx5fCE+yi5JlZ+4cWAoQB6mpcV
                                                                                                                                                                                                          MD5:2B573B5A4D6EC77A3138EC43A1B260C9
                                                                                                                                                                                                          SHA1:2A210A2645A2B8155CA8740211D6B366BA0D293D
                                                                                                                                                                                                          SHA-256:4CFBA14A6F738DD17BE066C3A8F595B84C0C33C1774C83736987B9EE8C0DF16B
                                                                                                                                                                                                          SHA-512:A04185BF7DA42D22F0AE01C55EFB7AA5FE0C5924820DF3AF2439B06E472131FB5659577B970834C08FBCA610A10EF41909B412B94B65BB5C8465047697647FDE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// stdafx.cpp : source file that includes just the standard includes..// CEJVMTI.pch will be the pre-compiled header..// stdafx.obj will contain the pre-compiled type information....#include "stdafx.h"....// TODO: reference any additional headers you need in STDAFX.H..// and not in this file..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1428
                                                                                                                                                                                                          Entropy (8bit):4.639223269334076
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:l6u3qiYCydaR3mGlNMPfKge6KgeLTK1u2Pui:n39YdMmG/MPfKge6KgeLTK1/Gi
                                                                                                                                                                                                          MD5:33F3A8E602AC6644AF839ACB3CA10709
                                                                                                                                                                                                          SHA1:0F76681306EBBE5063DA4C93919104D3E0134046
                                                                                                                                                                                                          SHA-256:0CE7BD4B75FCF8800FAFFD3B0A315CBFE7B89271B8705E9216404AF4D737D0BB
                                                                                                                                                                                                          SHA-512:81898FCF08C2EA7817479852771E11A67D766FBA25B4FC7A77D23C993C4274D1C7C66953951051D2952D1B52630A1BA5C5268D7E67C1B9C696CA5EF427E5EC0D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#pragma once....// The following macros define the minimum required platform. The minimum required platform..// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run ..// your application. The macros work by enabling all features available on platform versions up to and ..// including the version specified.....// Modify the following defines if you have to target a platform prior to the ones specified below...// Refer to MSDN for the latest info on corresponding values for different platforms...#ifndef WINVER // Specifies that the minimum required platform is Windows Vista...#define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista...#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1241
                                                                                                                                                                                                          Entropy (8bit):5.56652814239152
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:pPE7K71jtSk8H5IkT6GkTxkBZkm2kp6ckt8Ik/Tkk88W:pPAe1jtTeYQtYZ
                                                                                                                                                                                                          MD5:D602509D20C721D185D08DDFAB72EFD8
                                                                                                                                                                                                          SHA1:A7006EDA0FC346223377188F4941B39BE925E355
                                                                                                                                                                                                          SHA-256:F51DCDB8A36F5784994125E8F3451EA91A710FC844751319E839B448802E7A13
                                                                                                                                                                                                          SHA-512:02D79C2A4C1A175C38E35E08465B4C915FF2F185A10208F36C31B707AAE4E38BDB8E0F04F6DEE231622973ACBE12AD3A0B76EDFFBB69979337833C7E94A36108
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:...Microsoft Visual Studio Solution File, Format Version 10.00..# Visual Studio 2008..Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CEJVMTI", "CEJVMTI\CEJVMTI.vcproj", "{3C30A633-6797-4D59-936F-9A2A8CE79B25}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|Win32.ActiveCfg = Debug|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|Win32.Build.0 = Debug|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|x64.ActiveCfg = Debug|x64....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Debug|x64.Build.0 = Debug|x64....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Release|Win32.ActiveCfg = Release|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}.Release|Win32.Build.0 = Release|Win32....{3C30A633-6797-4D59-936F-9A2A8CE79B25}
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1351
                                                                                                                                                                                                          Entropy (8bit):5.483553389434968
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:pPEkpnjkaUdex0H5p6DK/C868u8o2/b88W:pPTnjY6eqp8bo2/IZ
                                                                                                                                                                                                          MD5:9A2A2CADE7D370C563896D2C6F07D1C2
                                                                                                                                                                                                          SHA1:E01491AE49454E194C3B4DE2AE668AFEF27B3F3E
                                                                                                                                                                                                          SHA-256:287EE21B22308A8B979EB259417503D5B1542BBBF0859EE9344C085DE7866495
                                                                                                                                                                                                          SHA-512:CB9337B576030AF522180F16D8B52B36A9CC8099DB19A17D18CE92559C191CA4B61F27BBDA051E895A7E9455033BAB3C52FD057FA52F138F735DCC485F46B546
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:...Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio 2013..VisualStudioVersion = 12.0.30723.0..MinimumVisualStudioVersion = 10.0.40219.1..Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MonoDataCollector", "MonoDataCollector\MonoDataCollector.vcxproj", "{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|Win32.ActiveCfg = Debug|Win32....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|Win32.Build.0 = Debug|Win32....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|x64.ActiveCfg = Debug|x64....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|x64.Build.0 = Debug|x64....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Release|Win32.ActiveCfg = Release|Win32....{941726A
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4749
                                                                                                                                                                                                          Entropy (8bit):5.050824950813426
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:iDz9qCj948ryMvEsMXoQ/O04a0smj9Mn/jMi/Y3SfsdIrmjFFZpmb/RmAdnEm1pd:g5p1O33Bk+QF9jeh9pBdPpFN
                                                                                                                                                                                                          MD5:1E571535D8459B8A3FCBA0C9E4871FA4
                                                                                                                                                                                                          SHA1:1C0F2CED9985BA808A648C9D95D7DB5076082985
                                                                                                                                                                                                          SHA-256:E66368085DB41EF91395CC1212A970117376B5B535E97F291FD71B2277BA9619
                                                                                                                                                                                                          SHA-512:3369613A4BDE6B49C73AD70E8DF2EBE7BD1C05FD0D7CBC5E87C5F1F3408FA36F8D7A40C19B097E541A649D7C0F30EE9FDB46B677E926A7A862FA2B794FDC9A80
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview://original source: blob.h in the mono sourcecode....../*.. * Encoding for type signatures used in the Metadata.. */..typedef enum {...MONO_TYPE_END = 0x00, /* End of List */...MONO_TYPE_VOID = 0x01,...MONO_TYPE_BOOLEAN = 0x02,...MONO_TYPE_CHAR = 0x03,...MONO_TYPE_I1 = 0x04,...MONO_TYPE_U1 = 0x05,...MONO_TYPE_I2 = 0x06,...MONO_TYPE_U2 = 0x07,...MONO_TYPE_I4 = 0x08,...MONO_TYPE_U4 = 0x09,...MONO_TYPE_I8 = 0x0a,...MONO_TYPE_U8 = 0x0b,...MONO_TYPE_R4 = 0x0c,...MONO_TYPE_R8 = 0x0d,...MONO_TYPE_STRING = 0x0e,...MONO_TYPE_PTR = 0x0f, /* arg: <type> token */...MONO_TYPE_BYREF = 0x10, /* arg: <type> token */...MONO_TYPE_VALUETYPE = 0x11, /* arg: <type> token */...MONO_TYPE_CLASS = 0x12, /* arg: <type> token */...MONO_TYPE_VAR. = 0x13,. /* number */...MONO_TYPE_ARRAY = 0x14, /* type, rank, boundsCount, bound1, loCount, lo1 */..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3498
                                                                                                                                                                                                          Entropy (8bit):5.386752810495523
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:ycfIokZotRYYftF1//JlB/R+reZhIxL3HmVZirMiKH8gEIsrdGXCYIr/J+Nn35t1:tAokZotRYYftF1//JlB/R+qZhIxL3Hm1
                                                                                                                                                                                                          MD5:35C7C5B4162098879D86CA2D5D7403E7
                                                                                                                                                                                                          SHA1:BDB921B2A10398DE218F33EDD4028E2B247F8592
                                                                                                                                                                                                          SHA-256:6F971E6E28F95B72775FA0D85922F58FC6BB5B68B34DB72C9D2F69E9374CA09C
                                                                                                                                                                                                          SHA-512:70C259E5C01D1EAD0694ADEBAC7639998A2EA3ECB52961B22F74C113669CCD50F80E884EF30D8DEB02028736A06B71F82F3A80EE20121613F8F3049C4D8D2655
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#ifdef _WINDOWS..#include "stdafx.h"..#elif __linux__..#include "linuxport.h"..#else..#include "macport.h"..#endif....#include "PipeServer.h"........HANDLE DataCollectorThread;..HANDLE SuicideThread;..HINSTANCE g_hInstance;....typedef enum _THREADINFOCLASS {.. ThreadBasicInformation,.. ThreadTimes,.. ThreadPriority,.. ThreadBasePriority,.. ThreadAffinityMask,.. ThreadImpersonationToken,.. ThreadDescriptorTableEntry,.. ThreadEnableAlignmentFaultFixup,.. ThreadEventPair_Reusable,.. ThreadQuerySetWin32StartAddress,.. ThreadZeroTlsCell,.. ThreadPerformanceCount,.. ThreadAmILastThread,.. ThreadIdealProcessor,.. ThreadPriorityBoost,.. ThreadSetTlsArrayAddress, // Obsolete.. ThreadIsIoPending,.. ThreadHideFromDebugger,.. ThreadBreakOnTermination,.. ThreadSwitchLegacyState,.. ThreadIsTerminated,.. ThreadLastSystemCall,.. ThreadIoPriority,.. ThreadCycleTime,.. ThreadPagePriority,.. ThreadActualBasePriority,.. Thr
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):361
                                                                                                                                                                                                          Entropy (8bit):5.139139694869984
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:2+bxmgVJAl3JmgRF80JRiCIqj/uFSJAQaP5a0Tj/5vpL5a0iTVDzz4jLxwLDPVMy:lbxVJAl5XRF1JTfJAQQQIxvpLQ/PSNw/
                                                                                                                                                                                                          MD5:A9DA212C35E442501960243A47A7C4DA
                                                                                                                                                                                                          SHA1:DA608C4AA6EEF1755F29366EA40BF826F07FFEB3
                                                                                                                                                                                                          SHA-256:23042548A0B202F76F0B66332844D796FC20C4FB4937D92299156E503ABC3F1D
                                                                                                                                                                                                          SHA-512:8A6C5A941C051C52C9DF9B151B354F3C82ED4E8041D000CD6DC2869A99C16064F753A9B6391F15A0A51CDB3CC9972FA0D3F3F191BA813BA00FD6A185D042BD76
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#pragma once....extern HANDLE DataCollectorThread;..extern HANDLE SuicideThread;..extern HINSTANCE g_hInstance;..DWORD WINAPI DataCollectorEntry(LPVOID lpThreadParameter);..DWORD WINAPI SuicideCheck(LPVOID lpThreadParameter);....#ifdef __APPLE__..void MacPortEntryPoint(void *param);..#endif....#ifdef __linux__..void LinuxPortEntryPoint(void *param);..#endif..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5600
                                                                                                                                                                                                          Entropy (8bit):5.094870445203132
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:drlz+71S6oa5zNq5+NtoottAipiwpHipfwp56q3bI4:Zp+skNca8i4whiFwyqb
                                                                                                                                                                                                          MD5:005A2F50AB3176D92010BE6DDF941655
                                                                                                                                                                                                          SHA1:9978E4C49D43172F8855A4748168345F2CA5BFF5
                                                                                                                                                                                                          SHA-256:A73AE1CBF54A722CE9433DA14D0600AFD504B09F5F681ED4BE9C9F5EF0E16A38
                                                                                                                                                                                                          SHA-512:8EC75F7B33F5C97853B63675621430A4C3975E8D6737A546D5983917E2C5FF17D4B6517FBA9D74F0F7C61CF4111F101B1231A97556A09908EC3B5EDF843859F2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="Windows-1252"?>..<VisualStudioProject...ProjectType="Visual C++"...Version="9.00"...Name="MonoDataCollector"...ProjectGUID="{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}"...RootNamespace="MonoDataCollector"...Keyword="Win32Proj"...TargetFrameworkVersion="196613"...>...<Platforms>....<Platform.....Name="Win32"..../>...</Platforms>...<ToolFiles>...</ToolFiles>...<Configurations>....<Configuration.....Name="Debug|Win32".....OutputDirectory="..\..\bin\autorun\dlls".....IntermediateDirectory="$(ConfigurationName)".....ConfigurationType="2".....CharacterSet="1".....>.....<Tool......Name="VCPreBuildEventTool"...../>.....<Tool......Name="VCCustomBuildTool"...../>.....<Tool......Name="VCXMLDataGeneratorTool"...../>.....<Tool......Name="VCWebServiceProxyGeneratorTool"...../>.....<Tool......Name="VCMIDLTool"...../>.....<Tool......Name="VCCLCompilerTool"......Optimization="0"......AdditionalIncludeDirectories="..\..\Common"......PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):71747
                                                                                                                                                                                                          Entropy (8bit):5.443198228857467
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:23vsKL5IB9DGdvGgFmk2N8VBFFlIsc8bOJObk:20Kq8VBFNc85k
                                                                                                                                                                                                          MD5:6E26B821A5660C3FB1414DBBA46636BF
                                                                                                                                                                                                          SHA1:E5AFF92AABB4C902CA2CE617DD2546956648C462
                                                                                                                                                                                                          SHA-256:F125B75EE7CAC4F30B9C399B6A371B62A3960E4DB11A64F8937E469B9C2BDD40
                                                                                                                                                                                                          SHA-512:647514B0E0537F3018DB7F500FDA81801AB68E02F663892E4D3A3A9A71CBD303A356371C227BBAC3154E883AEFEDDEC699CF40C99B2096E6F993B8B857C2A316
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#ifdef _WINDOWS..#include "StdAfx.h"..#endif....#ifdef __APPLE__..#include "macport.h"..#endif....#include <setjmp.h>..#ifdef __linux__..#include <signal.h>..#include <sys/types.h>..#include <string.h>..#include <unistd.h>..#include <sys/syscall.h>....#if __GLIBC__ == 2 && __GLIBC_MINOR__ < 30..#define gettid() syscall(SYS_gettid)..#endif....#endif //linux........#include <signal.h>..#include <sys/types.h>....#include "PipeServer.h"........BOOL ExpectingAccessViolations = FALSE;....#ifdef _WINDOWS..#pragma warning( disable : 4101)..HANDLE MDC_ServerPipe = 0;..DWORD ExpectingAccessViolationsThread = 0;..#else..uint64_t ExpectingAccessViolationsThread = 0;..#endif....typedef uint64_t QWORD;......jmp_buf onError;....void ErrorThrow(void)..{...longjmp(onError, 1);..}......#ifdef _WINDOWS......int looper = 0;..LONG NTAPI ErrorFilter(struct _EXCEPTION_POINTERS *ExceptionInfo)..{...if ((ExpectingAccessViolations) && (GetCurrentThreadId() == ExpectingAccessViolationsThread) && (ExceptionInfo->
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17047
                                                                                                                                                                                                          Entropy (8bit):5.4217354569721214
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:cBl0g5ShHzjEs2eI4Nw6YolkVXWNcN5qHyVGwuY0aUO+HXL:cBl1Y0j67lkVXWNcNiywbb
                                                                                                                                                                                                          MD5:359419B5EAD252EE248BE37873672D8E
                                                                                                                                                                                                          SHA1:0E18258FFC1E29A9E53824A8F86383E1BC2FC603
                                                                                                                                                                                                          SHA-256:FA4715152CC91D2F6C5C170FADDA74961A2CB12809F560AA37A34F7C185C76F0
                                                                                                                                                                                                          SHA-512:0F757B21B356676FE376D99F64189D86795FD6E9DB411B661A517E1B20172D7183129CC8762DB7E19DD83C826AFD57B6C35AFDCBAEC05C2AF83C6496F7C4D2D6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#pragma once....#include <Pipe.h>..#ifndef _WINDOWS..#include "Metadata.h"..#endif...... //yyyymmdd..#define MONO_DATACOLLECTORVERSION 20221207 ....#define MONOCMD_INITMONO 0..#define MONOCMD_OBJECT_GETCLASS 1..#define MONOCMD_ENUMDOMAINS 2..#define MONOCMD_SETCURRENTDOMAIN 3..#define MONOCMD_ENUMASSEMBLIES 4..#define MONOCMD_GETIMAGEFROMASSEMBLY 5..#define MONOCMD_GETIMAGENAME 6..#define MONOCMD_ENUMCLASSESINIMAGE 7..#define MONOCMD_ENUMFIELDSINCLASS 8..#define MONOCMD_ENUMMETHODSINCLASS 9..#define MONOCMD_COMPILEMETHOD 10....#define MONOCMD_GETMETHODHEADER 11..#define MONOCMD_GETMETHODHEADER_CODE 12..#define MONOCMD_LOOKUPRVA 13..#define MONOCMD_GETJITINFO 14..#define MONOCMD_FINDCLASS 15..#define MONOCMD_FINDMETHOD 16..#define MONOCMD_GETMETHODNAME 17..#define MONOCMD_GETMETHODCLASS 18..#define MONOCMD_GETCLASSNAME 19..#define MONOCMD_GETCLASSNAMESPACE 20..#define MONOCMD_FREEMETHOD 21..#define MONOCMD_TERMINATE 22..#define MONOCMD_DISASSEMBLE 23..#def
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):682
                                                                                                                                                                                                          Entropy (8bit):5.267391865519074
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:j/ltWmmylAoQ3/UkKTzuKTRWDKSRWMqIJCJAlosePSJAQnxPs5rF43oLOaAOaWZW:rWy7sU9zu6WGMKIAXsCStxPs5rF43olG
                                                                                                                                                                                                          MD5:4A220BB5A39A19E5E63123E8BA31FAF9
                                                                                                                                                                                                          SHA1:3E6667ED6E85E021FD9091C8EB2FDCA3C2DDEF41
                                                                                                                                                                                                          SHA-256:01F9B1931FDC3D8CB1B82D759A182AE617AF8986846A2B6F23092F78A39C8AD7
                                                                                                                                                                                                          SHA-512:734FD1ACEEE62A86A56DFC94E6E6FF264AE924AADFDC47EAC405E252FE3965633992D192CFAC6068AD7F2CAA170B594A0839D09ECE60976A27A363F69C1E1A5D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// dllmain.cpp : Defines the entry point for the DLL application...#include "stdafx.h"......BOOL APIENTRY DllMain( HMODULE hModule,.. DWORD ul_reason_for_call,.. LPVOID lpReserved....... )..{...OutputDebugStringA("MDC: DllMain");...switch (ul_reason_for_call)...{...case DLL_PROCESS_ATTACH:....//OutputDebugStringA("DllMain entry");....g_hInstance=hModule;....DataCollectorThread=CreateThread(NULL, 0, DataCollectorEntry, NULL, 0, NULL);....SuicideThread=0;//CreateThread(NULL, 0, SuicideCheck, NULL, 0, NULL);....break;.....case DLL_THREAD_ATTACH:...case DLL_THREAD_DETACH:...case DLL_PROCESS_DETACH:....break;...}...return TRUE;..}....
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4749
                                                                                                                                                                                                          Entropy (8bit):5.050824950813426
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:iDz9qCj948ryMvEsMXoQ/O04a0smj9Mn/jMi/Y3SfsdIrmjFFZpmb/RmAdnEm1pd:g5p1O33Bk+QF9jeh9pBdPpFN
                                                                                                                                                                                                          MD5:1E571535D8459B8A3FCBA0C9E4871FA4
                                                                                                                                                                                                          SHA1:1C0F2CED9985BA808A648C9D95D7DB5076082985
                                                                                                                                                                                                          SHA-256:E66368085DB41EF91395CC1212A970117376B5B535E97F291FD71B2277BA9619
                                                                                                                                                                                                          SHA-512:3369613A4BDE6B49C73AD70E8DF2EBE7BD1C05FD0D7CBC5E87C5F1F3408FA36F8D7A40C19B097E541A649D7C0F30EE9FDB46B677E926A7A862FA2B794FDC9A80
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview://original source: blob.h in the mono sourcecode....../*.. * Encoding for type signatures used in the Metadata.. */..typedef enum {...MONO_TYPE_END = 0x00, /* End of List */...MONO_TYPE_VOID = 0x01,...MONO_TYPE_BOOLEAN = 0x02,...MONO_TYPE_CHAR = 0x03,...MONO_TYPE_I1 = 0x04,...MONO_TYPE_U1 = 0x05,...MONO_TYPE_I2 = 0x06,...MONO_TYPE_U2 = 0x07,...MONO_TYPE_I4 = 0x08,...MONO_TYPE_U4 = 0x09,...MONO_TYPE_I8 = 0x0a,...MONO_TYPE_U8 = 0x0b,...MONO_TYPE_R4 = 0x0c,...MONO_TYPE_R8 = 0x0d,...MONO_TYPE_STRING = 0x0e,...MONO_TYPE_PTR = 0x0f, /* arg: <type> token */...MONO_TYPE_BYREF = 0x10, /* arg: <type> token */...MONO_TYPE_VALUETYPE = 0x11, /* arg: <type> token */...MONO_TYPE_CLASS = 0x12, /* arg: <type> token */...MONO_TYPE_VAR. = 0x13,. /* number */...MONO_TYPE_ARRAY = 0x14, /* type, rank, boundsCount, bound1, loCount, lo1 */..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):71747
                                                                                                                                                                                                          Entropy (8bit):5.443198228857467
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:23vsKL5IB9DGdvGgFmk2N8VBFFlIsc8bOJObk:20Kq8VBFNc85k
                                                                                                                                                                                                          MD5:6E26B821A5660C3FB1414DBBA46636BF
                                                                                                                                                                                                          SHA1:E5AFF92AABB4C902CA2CE617DD2546956648C462
                                                                                                                                                                                                          SHA-256:F125B75EE7CAC4F30B9C399B6A371B62A3960E4DB11A64F8937E469B9C2BDD40
                                                                                                                                                                                                          SHA-512:647514B0E0537F3018DB7F500FDA81801AB68E02F663892E4D3A3A9A71CBD303A356371C227BBAC3154E883AEFEDDEC699CF40C99B2096E6F993B8B857C2A316
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#ifdef _WINDOWS..#include "StdAfx.h"..#endif....#ifdef __APPLE__..#include "macport.h"..#endif....#include <setjmp.h>..#ifdef __linux__..#include <signal.h>..#include <sys/types.h>..#include <string.h>..#include <unistd.h>..#include <sys/syscall.h>....#if __GLIBC__ == 2 && __GLIBC_MINOR__ < 30..#define gettid() syscall(SYS_gettid)..#endif....#endif //linux........#include <signal.h>..#include <sys/types.h>....#include "PipeServer.h"........BOOL ExpectingAccessViolations = FALSE;....#ifdef _WINDOWS..#pragma warning( disable : 4101)..HANDLE MDC_ServerPipe = 0;..DWORD ExpectingAccessViolationsThread = 0;..#else..uint64_t ExpectingAccessViolationsThread = 0;..#endif....typedef uint64_t QWORD;......jmp_buf onError;....void ErrorThrow(void)..{...longjmp(onError, 1);..}......#ifdef _WINDOWS......int looper = 0;..LONG NTAPI ErrorFilter(struct _EXCEPTION_POINTERS *ExceptionInfo)..{...if ((ExpectingAccessViolations) && (GetCurrentThreadId() == ExpectingAccessViolationsThread) && (ExceptionInfo->
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3498
                                                                                                                                                                                                          Entropy (8bit):5.386752810495523
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:ycfIokZotRYYftF1//JlB/R+reZhIxL3HmVZirMiKH8gEIsrdGXCYIr/J+Nn35t1:tAokZotRYYftF1//JlB/R+qZhIxL3Hm1
                                                                                                                                                                                                          MD5:35C7C5B4162098879D86CA2D5D7403E7
                                                                                                                                                                                                          SHA1:BDB921B2A10398DE218F33EDD4028E2B247F8592
                                                                                                                                                                                                          SHA-256:6F971E6E28F95B72775FA0D85922F58FC6BB5B68B34DB72C9D2F69E9374CA09C
                                                                                                                                                                                                          SHA-512:70C259E5C01D1EAD0694ADEBAC7639998A2EA3ECB52961B22F74C113669CCD50F80E884EF30D8DEB02028736A06B71F82F3A80EE20121613F8F3049C4D8D2655
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#ifdef _WINDOWS..#include "stdafx.h"..#elif __linux__..#include "linuxport.h"..#else..#include "macport.h"..#endif....#include "PipeServer.h"........HANDLE DataCollectorThread;..HANDLE SuicideThread;..HINSTANCE g_hInstance;....typedef enum _THREADINFOCLASS {.. ThreadBasicInformation,.. ThreadTimes,.. ThreadPriority,.. ThreadBasePriority,.. ThreadAffinityMask,.. ThreadImpersonationToken,.. ThreadDescriptorTableEntry,.. ThreadEnableAlignmentFaultFixup,.. ThreadEventPair_Reusable,.. ThreadQuerySetWin32StartAddress,.. ThreadZeroTlsCell,.. ThreadPerformanceCount,.. ThreadAmILastThread,.. ThreadIdealProcessor,.. ThreadPriorityBoost,.. ThreadSetTlsArrayAddress, // Obsolete.. ThreadIsIoPending,.. ThreadHideFromDebugger,.. ThreadBreakOnTermination,.. ThreadSwitchLegacyState,.. ThreadIsTerminated,.. ThreadLastSystemCall,.. ThreadIoPriority,.. ThreadCycleTime,.. ThreadPagePriority,.. ThreadActualBasePriority,.. Thr
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17047
                                                                                                                                                                                                          Entropy (8bit):5.4217354569721214
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:cBl0g5ShHzjEs2eI4Nw6YolkVXWNcN5qHyVGwuY0aUO+HXL:cBl1Y0j67lkVXWNcNiywbb
                                                                                                                                                                                                          MD5:359419B5EAD252EE248BE37873672D8E
                                                                                                                                                                                                          SHA1:0E18258FFC1E29A9E53824A8F86383E1BC2FC603
                                                                                                                                                                                                          SHA-256:FA4715152CC91D2F6C5C170FADDA74961A2CB12809F560AA37A34F7C185C76F0
                                                                                                                                                                                                          SHA-512:0F757B21B356676FE376D99F64189D86795FD6E9DB411B661A517E1B20172D7183129CC8762DB7E19DD83C826AFD57B6C35AFDCBAEC05C2AF83C6496F7C4D2D6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#pragma once....#include <Pipe.h>..#ifndef _WINDOWS..#include "Metadata.h"..#endif...... //yyyymmdd..#define MONO_DATACOLLECTORVERSION 20221207 ....#define MONOCMD_INITMONO 0..#define MONOCMD_OBJECT_GETCLASS 1..#define MONOCMD_ENUMDOMAINS 2..#define MONOCMD_SETCURRENTDOMAIN 3..#define MONOCMD_ENUMASSEMBLIES 4..#define MONOCMD_GETIMAGEFROMASSEMBLY 5..#define MONOCMD_GETIMAGENAME 6..#define MONOCMD_ENUMCLASSESINIMAGE 7..#define MONOCMD_ENUMFIELDSINCLASS 8..#define MONOCMD_ENUMMETHODSINCLASS 9..#define MONOCMD_COMPILEMETHOD 10....#define MONOCMD_GETMETHODHEADER 11..#define MONOCMD_GETMETHODHEADER_CODE 12..#define MONOCMD_LOOKUPRVA 13..#define MONOCMD_GETJITINFO 14..#define MONOCMD_FINDCLASS 15..#define MONOCMD_FINDMETHOD 16..#define MONOCMD_GETMETHODNAME 17..#define MONOCMD_GETMETHODCLASS 18..#define MONOCMD_GETCLASSNAME 19..#define MONOCMD_GETCLASSNAMESPACE 20..#define MONOCMD_FREEMETHOD 21..#define MONOCMD_TERMINATE 22..#define MONOCMD_DISASSEMBLE 23..#def
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):682
                                                                                                                                                                                                          Entropy (8bit):5.267391865519074
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:j/ltWmmylAoQ3/UkKTzuKTRWDKSRWMqIJCJAlosePSJAQnxPs5rF43oLOaAOaWZW:rWy7sU9zu6WGMKIAXsCStxPs5rF43olG
                                                                                                                                                                                                          MD5:4A220BB5A39A19E5E63123E8BA31FAF9
                                                                                                                                                                                                          SHA1:3E6667ED6E85E021FD9091C8EB2FDCA3C2DDEF41
                                                                                                                                                                                                          SHA-256:01F9B1931FDC3D8CB1B82D759A182AE617AF8986846A2B6F23092F78A39C8AD7
                                                                                                                                                                                                          SHA-512:734FD1ACEEE62A86A56DFC94E6E6FF264AE924AADFDC47EAC405E252FE3965633992D192CFAC6068AD7F2CAA170B594A0839D09ECE60976A27A363F69C1E1A5D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// dllmain.cpp : Defines the entry point for the DLL application...#include "stdafx.h"......BOOL APIENTRY DllMain( HMODULE hModule,.. DWORD ul_reason_for_call,.. LPVOID lpReserved....... )..{...OutputDebugStringA("MDC: DllMain");...switch (ul_reason_for_call)...{...case DLL_PROCESS_ATTACH:....//OutputDebugStringA("DllMain entry");....g_hInstance=hModule;....DataCollectorThread=CreateThread(NULL, 0, DataCollectorEntry, NULL, 0, NULL);....SuicideThread=0;//CreateThread(NULL, 0, SuicideCheck, NULL, 0, NULL);....break;.....case DLL_THREAD_ATTACH:...case DLL_THREAD_DETACH:...case DLL_PROCESS_DETACH:....break;...}...return TRUE;..}....
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):304
                                                                                                                                                                                                          Entropy (8bit):4.661406565301994
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:jGmyXH+5AMRNT15eAaiErJAhQFm+yll+5FdllZ+sMKcaGIA0RQbyyeGgLxLELpcV:jGXXHJYx5fanrJAKE+yi5JlZ+4cWAoQI
                                                                                                                                                                                                          MD5:520DEFE1897C77FCE677BE903979DCA0
                                                                                                                                                                                                          SHA1:0EB32160624E8E3B72DF97E440EFCB211A09595C
                                                                                                                                                                                                          SHA-256:71E91D8847E8A4E4A757E441B7D785EDDDA95D55FF674E5054D0FDF781773361
                                                                                                                                                                                                          SHA-512:337D2893FB92760955D04E788E753B95C835A085929ED4144654899F9A54B96E84A7682A3C7885AA24F98E53FD5B2A2AC03D3F261CD3725F7D15E4422A2942A0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// stdafx.cpp : source file that includes just the standard includes..// MonoDataCollector.pch will be the pre-compiled header..// stdafx.obj will contain the pre-compiled type information....#include "stdafx.h"....// TODO: reference any additional headers you need in STDAFX.H..// and not in this file..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1428
                                                                                                                                                                                                          Entropy (8bit):4.639223269334076
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:l6u3qiYCydaR3mGlNMPfKge6KgeLTK1u2Pui:n39YdMmG/MPfKge6KgeLTK1/Gi
                                                                                                                                                                                                          MD5:33F3A8E602AC6644AF839ACB3CA10709
                                                                                                                                                                                                          SHA1:0F76681306EBBE5063DA4C93919104D3E0134046
                                                                                                                                                                                                          SHA-256:0CE7BD4B75FCF8800FAFFD3B0A315CBFE7B89271B8705E9216404AF4D737D0BB
                                                                                                                                                                                                          SHA-512:81898FCF08C2EA7817479852771E11A67D766FBA25B4FC7A77D23C993C4274D1C7C66953951051D2952D1B52630A1BA5C5268D7E67C1B9C696CA5EF427E5EC0D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#pragma once....// The following macros define the minimum required platform. The minimum required platform..// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run ..// your application. The macros work by enabling all features available on platform versions up to and ..// including the version specified.....// Modify the following defines if you have to target a platform prior to the ones specified below...// Refer to MSDN for the latest info on corresponding values for different platforms...#ifndef WINVER // Specifies that the minimum required platform is Windows Vista...#define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista...#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):304
                                                                                                                                                                                                          Entropy (8bit):4.661406565301994
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:jGmyXH+5AMRNT15eAaiErJAhQFm+yll+5FdllZ+sMKcaGIA0RQbyyeGgLxLELpcV:jGXXHJYx5fanrJAKE+yi5JlZ+4cWAoQI
                                                                                                                                                                                                          MD5:520DEFE1897C77FCE677BE903979DCA0
                                                                                                                                                                                                          SHA1:0EB32160624E8E3B72DF97E440EFCB211A09595C
                                                                                                                                                                                                          SHA-256:71E91D8847E8A4E4A757E441B7D785EDDDA95D55FF674E5054D0FDF781773361
                                                                                                                                                                                                          SHA-512:337D2893FB92760955D04E788E753B95C835A085929ED4144654899F9A54B96E84A7682A3C7885AA24F98E53FD5B2A2AC03D3F261CD3725F7D15E4422A2942A0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// stdafx.cpp : source file that includes just the standard includes..// MonoDataCollector.pch will be the pre-compiled header..// stdafx.obj will contain the pre-compiled type information....#include "stdafx.h"....// TODO: reference any additional headers you need in STDAFX.H..// and not in this file..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1428
                                                                                                                                                                                                          Entropy (8bit):4.639223269334076
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:l6u3qiYCydaR3mGlNMPfKge6KgeLTK1u2Pui:n39YdMmG/MPfKge6KgeLTK1/Gi
                                                                                                                                                                                                          MD5:33F3A8E602AC6644AF839ACB3CA10709
                                                                                                                                                                                                          SHA1:0F76681306EBBE5063DA4C93919104D3E0134046
                                                                                                                                                                                                          SHA-256:0CE7BD4B75FCF8800FAFFD3B0A315CBFE7B89271B8705E9216404AF4D737D0BB
                                                                                                                                                                                                          SHA-512:81898FCF08C2EA7817479852771E11A67D766FBA25B4FC7A77D23C993C4274D1C7C66953951051D2952D1B52630A1BA5C5268D7E67C1B9C696CA5EF427E5EC0D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#pragma once....// The following macros define the minimum required platform. The minimum required platform..// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run ..// your application. The macros work by enabling all features available on platform versions up to and ..// including the version specified.....// Modify the following defines if you have to target a platform prior to the ones specified below...// Refer to MSDN for the latest info on corresponding values for different platforms...#ifndef WINVER // Specifies that the minimum required platform is Windows Vista...#define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista...#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1351
                                                                                                                                                                                                          Entropy (8bit):5.483553389434968
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:pPEkpnjkaUdex0H5p6DK/C868u8o2/b88W:pPTnjY6eqp8bo2/IZ
                                                                                                                                                                                                          MD5:9A2A2CADE7D370C563896D2C6F07D1C2
                                                                                                                                                                                                          SHA1:E01491AE49454E194C3B4DE2AE668AFEF27B3F3E
                                                                                                                                                                                                          SHA-256:287EE21B22308A8B979EB259417503D5B1542BBBF0859EE9344C085DE7866495
                                                                                                                                                                                                          SHA-512:CB9337B576030AF522180F16D8B52B36A9CC8099DB19A17D18CE92559C191CA4B61F27BBDA051E895A7E9455033BAB3C52FD057FA52F138F735DCC485F46B546
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:...Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio 2013..VisualStudioVersion = 12.0.30723.0..MinimumVisualStudioVersion = 10.0.40219.1..Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MonoDataCollector", "MonoDataCollector\MonoDataCollector.vcxproj", "{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|Win32.ActiveCfg = Debug|Win32....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|Win32.Build.0 = Debug|Win32....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|x64.ActiveCfg = Debug|x64....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Debug|x64.Build.0 = Debug|x64....{941726A9-FAAD-49FD-9D69-A5D27B3DB4BA}.Release|Win32.ActiveCfg = Release|Win32....{941726A
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (338), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):84022
                                                                                                                                                                                                          Entropy (8bit):4.86677649912196
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:yui2L/B3vpXErHBRpUPrEUvh8VRzXzycAcnNSoaam0WEj:yurB6rhRpUPr9vszjycAcYoaam0WEj
                                                                                                                                                                                                          MD5:F30091A31003345EAE2A915D1EE13E9D
                                                                                                                                                                                                          SHA1:B42C1B7DA7E620A89A68274C7551D7BB3806441C
                                                                                                                                                                                                          SHA-256:CC505DA9EA622E39783D6AC0A98370E1B58EBA6702B9A1796FDC869AEEBBA261
                                                                                                                                                                                                          SHA-512:A9A801F42BF9A1ED54CBC2DC7AC397E6695EB685D4F03313059B08DB23ED9055727168B9AFFEE94416A584F703B9B97D515B6BC02FEF99F8EF6FB4B372AEE65E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--dotnetinfo is a passive .net query tool, but it can go to a active state if needed....if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'dotnetinfo.po')..end....if getOperatingSystem()==0 then.. pathsep=[[\]]..else.. pathsep='/'..end....debugInstanceLookup=false....local DPIMultiplier=(getScreenDPI()/96)..local CONTROL_MONO=0..local CONTROL_DOTNET=1....DataSource={} --All collected data about the current process. From domains, to images, to classes, to fields and methods. Saves on queries and multiple windows can use it..local CurrentProcess....local ELEMENT_TYPE_END = 0x00 -- End of List..local ELEMENT_TYPE_VOID = 0x01..local ELEMENT_TYPE_BOOLEAN = 0x02..local ELEMENT_TYPE_CHAR = 0x03..local ELEMENT_TYPE_I1 = 0x04..local ELEMENT_TYPE_U1 = 0x05..local ELEMENT_TYPE_I2 = 0x06..local ELEMENT_TYPE_U2 = 0x07..local ELEMENT_TYPE_I4 = 0x08..local ELEMENT_TYPE_U4 = 0x09..local ELEMENT_TYPE_I8
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7984
                                                                                                                                                                                                          Entropy (8bit):4.628436564346363
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:hG6G275/GPinZJGJBo2HXwymhmBEO/66dogk:fG4/vnZJGJv3qABPm
                                                                                                                                                                                                          MD5:6BFAA8047A8912C979D8B7ADC21BEFC4
                                                                                                                                                                                                          SHA1:9DEB3F151A70B1DE2AF921E2C4A05A9AFBFE88DA
                                                                                                                                                                                                          SHA-256:7EFC51C61CEC0EF4330C63E8848AD17BF707CC7067F8F5E195AE69D373BF4D24
                                                                                                                                                                                                          SHA-512:BEC70863FE63321EC815164A84FC82F7F03139E668AC165E218B033C2E79150B405AE553CBD8543F3AEDC839DB35FC74C14348E080598FB7BC25FB7908386A0E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--patches a dotnet method. Prerequisite: Must not be inlined or generic, or anything complex....function ParseScriptTokens(script,values).. --parses the script for <> entries and looks up the value in the values table.. if script==nil then .. print(debug.traceback()).. error('ParseScriptTokens: script is nil') .. end.. if values==nil then .. print(debug.traceback()).. error('ParseScriptTokens: values is nil') .. end.. .. return string.gsub(script,"<(.-)>",function(v) .. local r=values[v].. if r then return r else return x end.. end)..end....function dotnetpatch_getAllReferences().. --gets a list of all assemblies.. --todo: if they are in-memory only, export them to a file first (create the mz/pe manually, just the metadata).. local r={}.. local sysfile.... if monopipe then.. mono_enumImages(function(img).. local n=mono_image_get_filename(img).. local ln=extractFileName(n:lower()).. if ln~='mscorlib.dll' and ln~='netstandard.dll' then..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):15160
                                                                                                                                                                                                          Entropy (8bit):4.132367012227535
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:fTJbJcJtJZJtJeJAmDF3zY0PLTuHrRthutT9AT0HqkVWAcK3wMexR9WnraIeBXjJ:LJbJcJtJZJtJeJAmDF3zY0jTuHr7huFG
                                                                                                                                                                                                          MD5:C5D67D9CB5017F96F34CB9BA0F08FDF0
                                                                                                                                                                                                          SHA1:53DCA47CF042380F8DBC3399832A559A2C7368BD
                                                                                                                                                                                                          SHA-256:42896BBE75C79C381CC90FBAE685DA24013CAAD0786F1B1A4B569620C45F3F72
                                                                                                                                                                                                          SHA-512:C2F41A7C1A25B66B9DC0A496AD87818C9C7E3F70CEB82344AD7F664764293D2F9A43E607A4A299597E44B6763B3BFC63AD8F4EB01C6BD68EAE4BB04ACF775F42
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--dotnetsearch..if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'dotnetsearch.po')..end....function spawnDotNetSearchDialog(DataSource, frmDotNetInfo, searchtype).... local currentScan --rule: only writable in mainthread.. local searchresults={}.. .. .. --spawns a searchdialog. searchtype has 3 options: 0-ClassName, 1-FieldName, 2-MethodName.. local frmSearch=createFormFromFile(getAutorunPath()..'forms'..pathsep..'DotNetSearch.frm') .. .. _G.frmSearch=frmSearch.. .. if searchtype==0 then.. frmSearch.Caption=translate('Find Class') .. frmSearch.cbLimitToCurrentBase.Caption=translate('Limit to current image').. .. frmSearch.cbLimitToCurrentBase.Enabled=frmDotNetInfo.lbImages.ItemIndex>=0 .. frmSearch.lvResults.Columns.delete(2).. elseif searchtype==1 then.. frmSearch.Caption=translate('Find Field') .. frmSearch.cbLimitToCurrentBase.Caption=translate('Limit to current class').. frmSearch.cbLimitToCurrentBase.Enabled=f
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):285
                                                                                                                                                                                                          Entropy (8bit):5.052893474705733
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:jFwErIVt0OdI+eGvJYazVId2EA3ivun0gVVjec0Lg0zVCAMBNXnGCWMdO:5myTjOId2p3ivIVje5tVDMBRnGV5
                                                                                                                                                                                                          MD5:9BA24A4B8CB68B40D229109565572F78
                                                                                                                                                                                                          SHA1:F2DABC40C3761FD9196291AB42943D580062CD11
                                                                                                                                                                                                          SHA-256:8B5608DAEDB4370990B65579EE8D1D5623644FD9C0BBE007211D5837DC690C72
                                                                                                                                                                                                          SHA-512:BEFA54FD6A87BAF24030B6E292E0D8E674FBD69B3424184582EB38D8AF2C8459E7728BC6F03032735A6A1B6C5FE459ECDB1C862BDBD390DC695F4085ABC3918A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--Alice says hi!....local t=createTimer()..t.Interval=110000..t.OnTimer=function().. local f=getForm(0).. f.Width=f.Width+2.. f.Height=f.Height+2.... if t.Interval>10000 then.. t.Interval=t.Interval-10000.. end.... createMemoryStream().Size=math.random(65536*4,65536*32);..end
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (1926), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1993
                                                                                                                                                                                                          Entropy (8bit):6.43677382842252
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cmQhOHjryH7ijmpX5ewpjITkwEd0b+huow2zaj5pq:CIrgPX5vdq3/idAq
                                                                                                                                                                                                          MD5:14F06EC8B7A351563865937D340EC91C
                                                                                                                                                                                                          SHA1:AE85AF607F8958536689E4D2D1266D69F7FAFA68
                                                                                                                                                                                                          SHA-256:CD9C88B16FFB21F47D97708AB737E0BFDA712B2DB509A32BEA7AA7AE8DE7098B
                                                                                                                                                                                                          SHA-512:BCD1B9BCA9C20C8B4F9144502302A611E7D4C1ED26B9C4A19E3A0A75F1F649B1CD0DE1F5FD4D90512563385AD439720DCE22C4202D80A244AE572EFDEF6C1EED
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmDotNetInfo Class="TCEForm" Encoding="Ascii85">y.#q08${e{AGUXGCxM1kqPG/i5}]^,l!AIdg4m5yS9W5;CPhdb#:B#C:/LpFckDKmxb=t,_APZZ!}t:skdTmi/HDT[S0p(1ikY2RduP3A=Nn[p?xGn,:6mmb?6DUt,0nE=ueE0lng:Zs]J1E2zfI@7r0rltN+y=(:BGyG4n+S#HQz0n0{]4Yy=hUObYecXHuqhMX0S.D8WC)(?vIB!gm_(l1R,Hvs8n}44h9alw$a2022_R5X4b^=,_,Ftqj4{mKJ4_^/]b;dg}8OS[/k3lpw=-2PGJ.tlh%#hz1?#=[p}{geHf8x+dPz;?v!ZKF@mQ1U$hkTe/lZQXcF@JT6rI^eXI):eC2k7L;]R#A#hPJ-sK_0cuN)Ya6@W%qe;fuQsNuN,_]Nzp!*fT;gSJ_JpjXFZpYBI8grn7V#?L3EPg_.%:H!cKcw)(fQ8+62lPS+@je!jU*VLYYLA4_Fp04p]eN=_HjVvd!(?B;n.67#8sEqI;yNJ]5v(_wBOBl/Ry/fl[/P}NwO1M8YUs/(l?Rl=JMa,Qf+wuYw-BZ/QUMz86+Hg:Fq5wVt}kD;3=c0Sd]R!0fL1p85Jc_8aXBix4^?J?i2KBTc3=236GOX^u5PjNZxT!+tLow_@bR9%ro8OaGYqZDC}gq!Ei;yj?mYz;ysTQd7vzxKYh=}.ISwgUUu%@z4#}}WFVk(Vro7*qKHx5kdTkl!g!SX^Do])2v6m7sP6o_$/9?5W?XS;F,8PfT0V#4?2x3o0f9{$@TH={m;C).e3oFF9qzbuuc@x0ib00SaFlUq=Q}Wc:ihFzIY}t#YR.LI*+ut{A[vZCKRuZ.behF=[tW2kV5O3+o^G{t^Lt*$Sw2XXk78c2@eb0,v97^OAX[/HBQ-G(Z$-Jg)S@92.e%43)1
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (929), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):996
                                                                                                                                                                                                          Entropy (8bit):6.420065473502429
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:2dxxNUQ7V0EdLp1H9DTFhJMSqL3bi3LMo7CTNzErduIkjbnw:c/+QdLbHpTB5w3bUApe47bw
                                                                                                                                                                                                          MD5:C884C42A2BA59904C39D9825F0A5FFAF
                                                                                                                                                                                                          SHA1:D18E6CEEEC9D9CB6562E006EF6112C528E814D24
                                                                                                                                                                                                          SHA-256:A74C6BB9A778F806577A2528BCACD3E9CB0BD5CAAEF5D92C2B1ADF101BB9E57D
                                                                                                                                                                                                          SHA-512:23C2368BBCF228B536DBE64FFC5FEF8E0D87D3D65B7BB9CD25369D9A727C8F2B04754B4A3404F31CD14B4D0C6A2AC6492D0CBCB66CB5A0E2B056C42D39BF9F51
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmDotNetSearch Class="TCEForm" Encoding="Ascii85">rIgQd):ZUm6{gG,wv$rY.mC+=4s8!D?B{2Lp]8hBhy$Dzdz*ygNFG@E8:it!.T3om=i=6}E0XOvIFkc@E_DY4yT9,-*#4UHqe1VPI__NwQqA@m*a.eiSD-[nDw:Nf.YK=ToYn:f$y7V9u]]m1@9=mWuvkx;pV$p)qL}z{$Hf:q@y,+;0#4KPtjB:IXKz4HWxN{320}YHc8dSYFy26;%+Jusi3{qJAOiCm6xuOpeU_F=4DNhBA3}aOo#tQ_FS%$V:lZ)j]i]3((L,b3C?(HncBP6zg$a$An4ET$%tVY0zU0_Vr0s@,$,QgFNAN32(C3}]KoJs.)Z)aW)):f:jYoD10{3{vzRw6DZwNHL7JT9RLwOehhe-S0h;ou/D0Y0SIMfRct}XDIkVvHwvXwfInQlW_+630snXdbRkE_V-th;;q-0VNBTTy(?P}RNpVekqEd4?35RB4QS@VkP5F[O^#2:4U-6S@mbHfBoYx*JYk8r^{j6,(7!X./;th[[XxW8hx7K3]Knas_tJ^]dn0mEp%[C%)-/Eyz)nqa;l*@pYTHM9oi?ST7,y-WgB?CAPN#;cu7}:gZ$v=bkQ0D6b-Q%Whuduq[]/A-e6#]?=A5XEUZpGRTxY*TJq]VLi;gy7:#ES6ol;ltfDs6-h}c6VCExC)]unsxcacZv!fF-{1FACRzfX/i34cO@q7i;dtI.VGjH^GqrMC/N1^oP?5b0WPNN?7@W*=MK^yh%#g7bp^ewvj*/mGg*9cka}haFRFb/D:E2$l]^4RCRmJQnrr+m)O}$e)?qEKw-zJ3E%x3xR;Y#c[[o8uNiWq^hBX7RBn+3inzis1@DzKYpgxGJIi;r,=lepMf!EG71Uj</frmDotNetSearch>..</FormData>..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (1475), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1542
                                                                                                                                                                                                          Entropy (8bit):6.413889728128656
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:2dl+Q7dIn/BzGXaMSRuVQn3b/Go2DG0E2Gy6UylxJvaKoj+RSGrsuwdKiVrcfBkd:cwQq/BzGXkL/b2TOXNPSich4C/8/Tm
                                                                                                                                                                                                          MD5:03D4DD46084BCBE16A39D72BA22E5446
                                                                                                                                                                                                          SHA1:BA414E6BA6CD5503BABA82A7A96272D850CB9CD1
                                                                                                                                                                                                          SHA-256:4F254BBC897AD0E165986D18577E0A04FD31C93CCA542A0999FA0093EDC5BC61
                                                                                                                                                                                                          SHA-512:B37CF277443F3D4D9C8207E17EF146FABE003402750F812C27369210C79E43BAF45FB49AC2B370D2B1B1077912C9B9A9EA4AA4F7D5166B9FA1A152384902E19D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <monoForm_1_1 Class="TCEForm" Encoding="Ascii85">eO6mj/2DpF2@.4Ig;G5sOfPPy=X+mXmX_)uN{bTn76[BLz#F5rPl$;vd1M9HnSJaJYyVkwEL%3%=2}nF-#Pwtbfh-{#_h4le_7[Zd?N*/j0G3CxIVl-Tt9)?YX7s:c?6YtsoKA,wF8l}_8rhk)nu{amo3+PiK2pcHcxe(7tu6?PzgEo83nHLxUbg,MlQnEPl2!8-YKCRSBKqmky6BQHxn?rB;=xeJ4p9{rt}d=-quK+2^k8oFyR3}jWf[C2io/H!hI^a$ck,[9h)ztZIz_IIAZjMyIsOeE!!hlkQGxC1,j?}ecU?2$tuZ.;*YjFcLpSya]vv+n}D25F#U[YuC8J#Bakg.IOV:zj3g:LH_^nvcpY4ns:/[x9{;bNG.ihRQZvmMOb6TQP8[Y2C:1%sn%6V{lTthFXvLoZNsbNCnTQ{AXl,sA5Z6VKn[8GJ#r@LqrF4d2E{l=sf;4,Vp;Q1t!2,738?OIV4ADrEd(hD5fn{n=i96,*.O@o7EU.lhp=B.-T==L_#pwm.iGSn9bOwJ?WxJ+QMhluXM#Eco$0FozncAtuZ@m?O?5C+ff=A5m!t9J6AY3W/$ymMEm/!.}D!_qF8vY:re{I}t[=k?%KF{({a@hvm0]k*eqz$Rzy@JYRJ2?HAl.^%=zh(/%=n@WwaMf7ge@tS,LDcfRis;:s)S*ap?DS4J!e]pqrrJfTM,;tj7G9V,j5!^msB80nS.@Z3S/Si}Q^B8ms:1P?P[1Oi,2*8S.#qwqXfLKCGaTlMC;qvdKhN!DxMy5F1htiZSE.lav8jEIqNtv6yOy!Bb+iy7=A@!qneIoK)z[4-mUXIZ^I_}{w7z-fO6nnQ6_gAH:2eleV^^EAB1xH1OA.z:vZoaV+O]M=csyI)Q;:P+J2CYo5CvKP6#
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (1475), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1542
                                                                                                                                                                                                          Entropy (8bit):6.413889728128656
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:2dl+Q7dIn/BzGXaMSRuVQn3b/Go2DG0E2Gy6UylxJvaKoj+RSGrsuwdKiVrcfBkd:cwQq/BzGXkL/b2TOXNPSich4C/8/Tm
                                                                                                                                                                                                          MD5:03D4DD46084BCBE16A39D72BA22E5446
                                                                                                                                                                                                          SHA1:BA414E6BA6CD5503BABA82A7A96272D850CB9CD1
                                                                                                                                                                                                          SHA-256:4F254BBC897AD0E165986D18577E0A04FD31C93CCA542A0999FA0093EDC5BC61
                                                                                                                                                                                                          SHA-512:B37CF277443F3D4D9C8207E17EF146FABE003402750F812C27369210C79E43BAF45FB49AC2B370D2B1B1077912C9B9A9EA4AA4F7D5166B9FA1A152384902E19D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <monoForm_1_1 Class="TCEForm" Encoding="Ascii85">eO6mj/2DpF2@.4Ig;G5sOfPPy=X+mXmX_)uN{bTn76[BLz#F5rPl$;vd1M9HnSJaJYyVkwEL%3%=2}nF-#Pwtbfh-{#_h4le_7[Zd?N*/j0G3CxIVl-Tt9)?YX7s:c?6YtsoKA,wF8l}_8rhk)nu{amo3+PiK2pcHcxe(7tu6?PzgEo83nHLxUbg,MlQnEPl2!8-YKCRSBKqmky6BQHxn?rB;=xeJ4p9{rt}d=-quK+2^k8oFyR3}jWf[C2io/H!hI^a$ck,[9h)ztZIz_IIAZjMyIsOeE!!hlkQGxC1,j?}ecU?2$tuZ.;*YjFcLpSya]vv+n}D25F#U[YuC8J#Bakg.IOV:zj3g:LH_^nvcpY4ns:/[x9{;bNG.ihRQZvmMOb6TQP8[Y2C:1%sn%6V{lTthFXvLoZNsbNCnTQ{AXl,sA5Z6VKn[8GJ#r@LqrF4d2E{l=sf;4,Vp;Q1t!2,738?OIV4ADrEd(hD5fn{n=i96,*.O@o7EU.lhp=B.-T==L_#pwm.iGSn9bOwJ?WxJ+QMhluXM#Eco$0FozncAtuZ@m?O?5C+ff=A5m!t9J6AY3W/$ymMEm/!.}D!_qF8vY:re{I}t[=k?%KF{({a@hvm0]k*eqz$Rzy@JYRJ2?HAl.^%=zh(/%=n@WwaMf7ge@tS,LDcfRis;:s)S*ap?DS4J!e]pqrrJfTM,;tj7G9V,j5!^msB80nS.@Z3S/Si}Q^B8ms:1P?P[1Oi,2*8S.#qwqXfLKCGaTlMC;qvdKhN!DxMy5F1htiZSE.lav8jEIqNtv6yOy!Bb+iy7=A@!qneIoK)z[4-mUXIZ^I_}{w7z-fO6nnQ6_gAH:2eleV^^EAB1xH1OA.z:vZoaV+O]M=csyI)Q;:P+J2CYo5CvKP6#
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (929), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):996
                                                                                                                                                                                                          Entropy (8bit):6.420065473502429
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:2dxxNUQ7V0EdLp1H9DTFhJMSqL3bi3LMo7CTNzErduIkjbnw:c/+QdLbHpTB5w3bUApe47bw
                                                                                                                                                                                                          MD5:C884C42A2BA59904C39D9825F0A5FFAF
                                                                                                                                                                                                          SHA1:D18E6CEEEC9D9CB6562E006EF6112C528E814D24
                                                                                                                                                                                                          SHA-256:A74C6BB9A778F806577A2528BCACD3E9CB0BD5CAAEF5D92C2B1ADF101BB9E57D
                                                                                                                                                                                                          SHA-512:23C2368BBCF228B536DBE64FFC5FEF8E0D87D3D65B7BB9CD25369D9A727C8F2B04754B4A3404F31CD14B4D0C6A2AC6492D0CBCB66CB5A0E2B056C42D39BF9F51
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmDotNetSearch Class="TCEForm" Encoding="Ascii85">rIgQd):ZUm6{gG,wv$rY.mC+=4s8!D?B{2Lp]8hBhy$Dzdz*ygNFG@E8:it!.T3om=i=6}E0XOvIFkc@E_DY4yT9,-*#4UHqe1VPI__NwQqA@m*a.eiSD-[nDw:Nf.YK=ToYn:f$y7V9u]]m1@9=mWuvkx;pV$p)qL}z{$Hf:q@y,+;0#4KPtjB:IXKz4HWxN{320}YHc8dSYFy26;%+Jusi3{qJAOiCm6xuOpeU_F=4DNhBA3}aOo#tQ_FS%$V:lZ)j]i]3((L,b3C?(HncBP6zg$a$An4ET$%tVY0zU0_Vr0s@,$,QgFNAN32(C3}]KoJs.)Z)aW)):f:jYoD10{3{vzRw6DZwNHL7JT9RLwOehhe-S0h;ou/D0Y0SIMfRct}XDIkVvHwvXwfInQlW_+630snXdbRkE_V-th;;q-0VNBTTy(?P}RNpVekqEd4?35RB4QS@VkP5F[O^#2:4U-6S@mbHfBoYx*JYk8r^{j6,(7!X./;th[[XxW8hx7K3]Knas_tJ^]dn0mEp%[C%)-/Eyz)nqa;l*@pYTHM9oi?ST7,y-WgB?CAPN#;cu7}:gZ$v=bkQ0D6b-Q%Whuduq[]/A-e6#]?=A5XEUZpGRTxY*TJq]VLi;gy7:#ES6ol;ltfDs6-h}c6VCExC)]unsxcacZv!fF-{1FACRzfX/i34cO@q7i;dtI.VGjH^GqrMC/N1^oP?5b0WPNN?7@W*=MK^yh%#g7bp^ewvj*/mGg*9cka}haFRFb/D:E2$l]^4RCRmJQnrr+m)O}$e)?qEKw-zJ3E%x3xR;Y#c[[o8uNiWq^hBX7RBn+3inzis1@DzKYpgxGJIi;r,=lepMf!EG71Uj</frmDotNetSearch>..</FormData>..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (1926), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1993
                                                                                                                                                                                                          Entropy (8bit):6.43677382842252
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cmQhOHjryH7ijmpX5ewpjITkwEd0b+huow2zaj5pq:CIrgPX5vdq3/idAq
                                                                                                                                                                                                          MD5:14F06EC8B7A351563865937D340EC91C
                                                                                                                                                                                                          SHA1:AE85AF607F8958536689E4D2D1266D69F7FAFA68
                                                                                                                                                                                                          SHA-256:CD9C88B16FFB21F47D97708AB737E0BFDA712B2DB509A32BEA7AA7AE8DE7098B
                                                                                                                                                                                                          SHA-512:BCD1B9BCA9C20C8B4F9144502302A611E7D4C1ED26B9C4A19E3A0A75F1F649B1CD0DE1F5FD4D90512563385AD439720DCE22C4202D80A244AE572EFDEF6C1EED
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<FormData>.. <frmDotNetInfo Class="TCEForm" Encoding="Ascii85">y.#q08${e{AGUXGCxM1kqPG/i5}]^,l!AIdg4m5yS9W5;CPhdb#:B#C:/LpFckDKmxb=t,_APZZ!}t:skdTmi/HDT[S0p(1ikY2RduP3A=Nn[p?xGn,:6mmb?6DUt,0nE=ueE0lng:Zs]J1E2zfI@7r0rltN+y=(:BGyG4n+S#HQz0n0{]4Yy=hUObYecXHuqhMX0S.D8WC)(?vIB!gm_(l1R,Hvs8n}44h9alw$a2022_R5X4b^=,_,Ftqj4{mKJ4_^/]b;dg}8OS[/k3lpw=-2PGJ.tlh%#hz1?#=[p}{geHf8x+dPz;?v!ZKF@mQ1U$hkTe/lZQXcF@JT6rI^eXI):eC2k7L;]R#A#hPJ-sK_0cuN)Ya6@W%qe;fuQsNuN,_]Nzp!*fT;gSJ_JpjXFZpYBI8grn7V#?L3EPg_.%:H!cKcw)(fQ8+62lPS+@je!jU*VLYYLA4_Fp04p]eN=_HjVvd!(?B;n.67#8sEqI;yNJ]5v(_wBOBl/Ry/fl[/P}NwO1M8YUs/(l?Rl=JMa,Qf+wuYw-BZ/QUMz86+Hg:Fq5wVt}kD;3=c0Sd]R!0fL1p85Jc_8aXBix4^?J?i2KBTc3=236GOX^u5PjNZxT!+tLow_@bR9%ro8OaGYqZDC}gq!Ei;yj?mYz;ysTQd7vzxKYh=}.ISwgUUu%@z4#}}WFVk(Vro7*qKHx5kdTkl!g!SX^Do])2v6m7sP6o_$/9?5W?XS;F,8PfT0V#4?2x3o0f9{$@TH={m;C).e3oFF9qzbuuc@x0ib00SaFlUq=Q}Wc:ihFzIY}t#YR.LI*+ut{A[vZCKRuZ.behF=[tW2kV5O3+o^G{t^Lt*$Sw2XXk78c2@eb0,v97^OAX[/HBQ-G(Z$-Jg)S@92.e%43)1
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1498
                                                                                                                                                                                                          Entropy (8bit):7.563086239733145
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:2sH8UyMTD18ODCZk7X4zJz2pAlNrpAmvnFtljgCie8pYiOZqfE9St7Bq:2sH83sok7X+gAlBVZjzi7pYi8VKc
                                                                                                                                                                                                          MD5:A9BCD80603FBCF041BC462918CA48A64
                                                                                                                                                                                                          SHA1:A7908250F042B3454D8DDCB5CB20E569839BE135
                                                                                                                                                                                                          SHA-256:3E671AC6A8E77F11B4C6547CF810BC06327E84961C7657340F5CA0F622A966D9
                                                                                                                                                                                                          SHA-512:CE82C8CAABA0329656C26EFD5F7C86A0B35A161856B975C9918FD1CD503B32B133D6F0B01DAFB92AAE132DD4C19F23C7349BF146123554700E05AA94320FC0AF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1169
                                                                                                                                                                                                          Entropy (8bit):7.406441361590178
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:RjlRKcz+Q1mlGwDxsQMod1x2W3QL9IR/RBTz:1lRK8sNDwobx2WgBIljTz
                                                                                                                                                                                                          MD5:660D8ACF876EAD3B985F9DF515160838
                                                                                                                                                                                                          SHA1:78A858326C16FA917C4A5284A606B824F025AF00
                                                                                                                                                                                                          SHA-256:4923FBF164D8DC0111E28DC1864BAC8CA2503FEE2B7A688845B4616465529EE6
                                                                                                                                                                                                          SHA-512:81BFF98BCE7CC6EE066FE8E1AB1FA957E56C62084A33D879A87CA22AFDF6D88012F1ECDF5DCF2493D816B96DD08073782F31F36DA9BCA37C53FC81CCFAB1E17A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1498
                                                                                                                                                                                                          Entropy (8bit):7.563086239733145
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:2sH8UyMTD18ODCZk7X4zJz2pAlNrpAmvnFtljgCie8pYiOZqfE9St7Bq:2sH83sok7X+gAlBVZjzi7pYi8VKc
                                                                                                                                                                                                          MD5:A9BCD80603FBCF041BC462918CA48A64
                                                                                                                                                                                                          SHA1:A7908250F042B3454D8DDCB5CB20E569839BE135
                                                                                                                                                                                                          SHA-256:3E671AC6A8E77F11B4C6547CF810BC06327E84961C7657340F5CA0F622A966D9
                                                                                                                                                                                                          SHA-512:CE82C8CAABA0329656C26EFD5F7C86A0B35A161856B975C9918FD1CD503B32B133D6F0B01DAFB92AAE132DD4C19F23C7349BF146123554700E05AA94320FC0AF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1169
                                                                                                                                                                                                          Entropy (8bit):7.406441361590178
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:RjlRKcz+Q1mlGwDxsQMod1x2W3QL9IR/RBTz:1lRK8sNDwobx2WgBIljTz
                                                                                                                                                                                                          MD5:660D8ACF876EAD3B985F9DF515160838
                                                                                                                                                                                                          SHA1:78A858326C16FA917C4A5284A606B824F025AF00
                                                                                                                                                                                                          SHA-256:4923FBF164D8DC0111E28DC1864BAC8CA2503FEE2B7A688845B4616465529EE6
                                                                                                                                                                                                          SHA-512:81BFF98BCE7CC6EE066FE8E1AB1FA957E56C62084A33D879A87CA22AFDF6D88012F1ECDF5DCF2493D816B96DD08073782F31F36DA9BCA37C53FC81CCFAB1E17A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20837
                                                                                                                                                                                                          Entropy (8bit):4.996731854830045
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:Rmi4uQRgQgAgm2+CXgSKgKghmg60gGg4tgKplg/Dhrf+1e5l7jTRgzKgIgmoJMQZ:y3KQBHvSo9a452TZ0YgkP
                                                                                                                                                                                                          MD5:04CDE30D6AA9999A846B5FC3CFC1F56C
                                                                                                                                                                                                          SHA1:2187AB73161EE8A516D25F8295BB4C7E3DA2F7E3
                                                                                                                                                                                                          SHA-256:EAE2A91808BB58B386F3BDDE75176C7208C22BF5515C5D6E467C583DF2E72E15
                                                                                                                                                                                                          SHA-512:FB2F27F3981E587DDD379D54999067092DC2FBE2F243E4A49B2F9D4DA172907D169BC708AA0840631C951FB01CCB9E69A403EB2E19A5F1AFF1BE3FF0EEC27C62
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview: ..--same as monodatacollector but for .net and .netcore..--can theoretically be used on mono as well....if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'dotnetforceddatacollector.po')..end......local pathsep..local libfolder....if getOperatingSystem()==0 then.. pathsep=[[\]].. libfolder='dlls'..else.. pathsep='/'.. libfolder='dylibs'..end....dotnet_timeout=3000....DOTNETCMD_TEST=0..DOTNETCMD_INITMODULELIST=1..DOTNETCMD_GETMETHODENTRYPOINT=2..DOTNETCMD_GETFIELDTYPENAME=3..DOTNETCMD_GETFIELDVALUE=4..DOTNETCMD_SETFIELDVALUE=5..DOTNETCMD_LOADMODULE=6..DOTNETCMD_GETMETHODPARAMETERS=7..DOTNETCMD_WRAPOBJECT=8..DOTNETCMD_UNWRAPOBJECT=9..DOTNETCMD_INVOKEMETHOD=10....DOTNETCMD_FIND_MODULEID_WITH_CLASSLIST=11......DOTNETCMD_EXIT=255......dotnetmodulelist={}....function dotnet_findDotNetMethodAddress(namespace, classname, methodname, modulename).. --print(string.format("dotnet_findDotNetMethodAddress('%s','%s','%s','%s')",namespace,classname, methodname, modulenam
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7917
                                                                                                                                                                                                          Entropy (8bit):5.014591940837417
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:sQJpltyKlR4ZtoOQ9pttWKlR4vtGTQPpMlyFuVCQc6c0RhBmg:stKY59KYQ5JhUg
                                                                                                                                                                                                          MD5:E76FCD2ECD5B956D4579A676AA3EEA01
                                                                                                                                                                                                          SHA1:49ECBA5CCC531A40AD7805A126D38B44B4A36576
                                                                                                                                                                                                          SHA-256:0339BA0043AF5C058CF3A19DE9F90312D18F6BB2728F454EF403B531BD57AE42
                                                                                                                                                                                                          SHA-512:8443C213D4A626A358631F76A0CC4C106543CE58C94D34A96B88574B3E32AE742F28878B259A17823CA07EC521B06E32E572E7BC77E10951BC0984B07C0571C6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:local scripts={}....local function registerBigEndianInt16()..scripts['2 Byte Big Endian'].type=registerCustomTypeAutoAssembler([[..alloc(TypeName,256)..alloc(ByteSize,4)..alloc(ConvertRoutine,1024)..alloc(ConvertBackRoutine,1024)....TypeName:..db '2 Byte Big Endian',0....ByteSize:..dd 2....//The convert routine should hold a routine that converts the data to an integer (in eax)..//function declared as: stdcall int ConvertRoutine(unsigned char *input);..//Note: Keep in mind that this routine can be called by multiple threads at the same time...ConvertRoutine:..//jmp dllname.functionname..[64-bit]..//or manual:..//parameters: (64-bit)..//rcx=address of input..xor eax,eax..mov ax,[rcx] //eax now contains the bytes 'input' pointed to..xchg ah,al //convert to big endian....ret..[/64-bit]....[32-bit]..//jmp dllname.functionname..//or manual:..//parameters: (32-bit)..push ebp..mov ebp,esp..//[ebp+8]=input..//example:..mov eax,[ebp+8] //place the address that contains the bytes into eax..mov a
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (338), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):84022
                                                                                                                                                                                                          Entropy (8bit):4.86677649912196
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:yui2L/B3vpXErHBRpUPrEUvh8VRzXzycAcnNSoaam0WEj:yurB6rhRpUPr9vszjycAcYoaam0WEj
                                                                                                                                                                                                          MD5:F30091A31003345EAE2A915D1EE13E9D
                                                                                                                                                                                                          SHA1:B42C1B7DA7E620A89A68274C7551D7BB3806441C
                                                                                                                                                                                                          SHA-256:CC505DA9EA622E39783D6AC0A98370E1B58EBA6702B9A1796FDC869AEEBBA261
                                                                                                                                                                                                          SHA-512:A9A801F42BF9A1ED54CBC2DC7AC397E6695EB685D4F03313059B08DB23ED9055727168B9AFFEE94416A584F703B9B97D515B6BC02FEF99F8EF6FB4B372AEE65E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--dotnetinfo is a passive .net query tool, but it can go to a active state if needed....if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'dotnetinfo.po')..end....if getOperatingSystem()==0 then.. pathsep=[[\]]..else.. pathsep='/'..end....debugInstanceLookup=false....local DPIMultiplier=(getScreenDPI()/96)..local CONTROL_MONO=0..local CONTROL_DOTNET=1....DataSource={} --All collected data about the current process. From domains, to images, to classes, to fields and methods. Saves on queries and multiple windows can use it..local CurrentProcess....local ELEMENT_TYPE_END = 0x00 -- End of List..local ELEMENT_TYPE_VOID = 0x01..local ELEMENT_TYPE_BOOLEAN = 0x02..local ELEMENT_TYPE_CHAR = 0x03..local ELEMENT_TYPE_I1 = 0x04..local ELEMENT_TYPE_U1 = 0x05..local ELEMENT_TYPE_I2 = 0x06..local ELEMENT_TYPE_U2 = 0x07..local ELEMENT_TYPE_I4 = 0x08..local ELEMENT_TYPE_U4 = 0x09..local ELEMENT_TYPE_I8
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):629
                                                                                                                                                                                                          Entropy (8bit):4.667259230622991
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:03Iw9kSSIEPchubhxoyPJ4y/oJf3DftSg0n/iyHfHHEo44JsITT+wF:03IwRCfPJ1/wKrHfHh4AsATvF
                                                                                                                                                                                                          MD5:DF4D243AB0407A1F03CCF448232FCF62
                                                                                                                                                                                                          SHA1:62453CFA7ABF6FA83158BE1BA86C854D9A6B7D4B
                                                                                                                                                                                                          SHA-256:C5A35380AF8BEBE96B85377F5F41F8C068CB857C74B9CB85B7467B35C1DE10C4
                                                                                                                                                                                                          SHA-512:4B05B65909673E92F59AB64C1FF4E0B829F5C9085EAFA1FFF28CB0CCD7E6A7F6EF031633F443E0BA156A4B8F5009F526D0356F39EF77B22706F98F100B1909C2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:luasymbols=registerSymbolLookupCallback(function(str).. if str then.. local firstchar=str:sub(1,1).. .. if (firstchar=='\'') or (firstchar=='\"') then.. return nil.. end.. .. local c='return '..str.. local lc=loadstring(c).. if lc then.. local isvalid,result=pcall(lc).. if isvalid then.. return result.. else.. return nil.. end.. end.. end..end, slNotSymbol) ....registerEXETrainerFeature('Lua Symbols', function().. local r={}.. r[1]={}.. r[1].PathToFile=getCheatEngineDir()..[[autorun\luasymbols.lua]].. r[1].RelativePath=[[autorun\]].. .. return r..end)
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):136078
                                                                                                                                                                                                          Entropy (8bit):5.006188616081032
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:/t5zmxQLPqWuiXL9eqiK8uthP/xoiEFLWiP8bTg1b3lDWIkGkxv0C2r0EcD+JZSh:O5n6MJCAi7hXZS8YHo6FG7236nDZ
                                                                                                                                                                                                          MD5:76168CA68F3ED8ADE110B140244EFBAF
                                                                                                                                                                                                          SHA1:2AF08403D17A64B10429C8FCE68AA085A6B287B7
                                                                                                                                                                                                          SHA-256:5832B5AB00E84690AC1E780E8B1C4ABD9649465234C9FFA2CECB410BE66A6B8A
                                                                                                                                                                                                          SHA-512:80AD21D631934D2B8E368A5B2D3CB5F1889D4A65099C2D8CD8BA37EB721C1EBDC2C6549FC530514BF9F96976FFCBFD372150F1F16A6591DA013FE4F1D1BB070B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'monoscript.po')..end....local thread_checkifmonoanyhow=nil..local StructureElementCallbackID=nil..local pathsep..local libfolder....if getOperatingSystem()==0 then.. pathsep=[[\]].. libfolder='dlls'..else.. pathsep='/'.. libfolder='dylibs'..end....local dpiscale=getScreenDPI()/96....--[[local]] monocache={}....mono_timeout=3000 --change to 0 to never timeout (meaning: 0 will freeze your face off if it breaks on a breakpoint, just saying ...)....MONO_DATACOLLECTORVERSION=20221207....MONOCMD_INITMONO=0..MONOCMD_OBJECT_GETCLASS=1..MONOCMD_ENUMDOMAINS=2..MONOCMD_SETCURRENTDOMAIN=3..MONOCMD_ENUMASSEMBLIES=4..MONOCMD_GETIMAGEFROMASSEMBLY=5..MONOCMD_GETIMAGENAME=6..MONOCMD_ENUMCLASSESINIMAGE=7..MONOCMD_ENUMFIELDSINCLASS=8..MONOCMD_ENUMMETHODSINCLASS=9..MONOCMD_COMPILEMETHOD=10..MONOCMD_GETMETHODHEADER=11..MONOCMD_GETMETHODHEADER_CODE=12..MONOCMD_LOOKUPRVA=13..MONOCMD_GETJITINFO=14..MONOCMD_FINDCLASS=15..MONOCMD_FIND
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (312), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):64056
                                                                                                                                                                                                          Entropy (8bit):5.143902164750308
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:/ilZhlpsM/bJ+CGLM0oJyevomQ385GxwuyC+N/0nNjoHhjCL:/ilZhlpsM6M0oJyUomQMUyC+N/0ZoCL
                                                                                                                                                                                                          MD5:54151E1842473981D08C4B1B69CEB46C
                                                                                                                                                                                                          SHA1:26CCFFD2AD4DE7FEA9CA7B11FBFBCF5CA3E9EA00
                                                                                                                                                                                                          SHA-256:B318D2AC5CF96BA8A0A36EDDBB62B250004D44F214BB10C0E82E4F2DDBDA95D9
                                                                                                                                                                                                          SHA-512:F9B76F51F089807610052D1DA2F147975EA3A2FF00C70FC373087A9CE55E24337F52174F062D5EC262FF9227F98CB32E09753B4E5A68FB443D8EB27890607B73
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'Java.po')..end....--todo: split up into multiple units and use the java table for the methods as well......JAVACMD_STARTCODECALLBACKS=0..JAVACMD_STOPCODECALLBACKS=1..JAVACMD_GETLOADEDCLASSES=2..JAVACMD_DEREFERENCELOCALOBJECT=3..JAVACMD_GETCLASSMETHODS=4..JAVACMD_GETCLASSFIELDS=5..JAVACMD_GETIMPLEMENTEDINTERFACES=6..JAVAVMD_FINDREFERENCESTOOBJECT=7..JAVACMD_FINDJOBJECT=8..JAVACMD_GETCLASSSIGNATURE=9 --=getClassName..JAVACMD_GETSUPERCLASS=10..JAVACMD_GETOBJECTCLASS=11..JAVACMD_GETCLASSDATA=12..JAVACMD_REDEFINECLASS=13..JAVACMD_FINDCLASS=14..JAVACMD_GETCAPABILITIES=15..JAVACMD_GETMETHODNAME=16 --gets the methodname and the signature..JAVACMD_INVOKEMETHOD=17..JAVACMD_FINDCLASSOBJECTS=18 --find objects that belong to the given class..JAVACMD_ADDTOBOOTSTRAPCLASSLOADERPATH=19..JAVACMD_ADDTOSYSTEMCLASSLOADERPATH=20..JAVACMD_PUSHLOCALFRAME=21..JAVACMD_POPLOCALFRAME=22..JAVACMD_GETFIELDDECLARINGCLASS=23..JAVACMD_GETFIELDS
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7354
                                                                                                                                                                                                          Entropy (8bit):4.798336095796441
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:K9yd/VQilJ6HLwxxKF9Znu8KX+qNdYSnatJoqVSQPFLqJ4:K0VPlJMgNdYSnatmqVSQPFLc4
                                                                                                                                                                                                          MD5:2BE703BF1FF1EA4DD6D1EFF673367E48
                                                                                                                                                                                                          SHA1:13C122CFD7EB38D298FA91F3D6021F025578B508
                                                                                                                                                                                                          SHA-256:6704BEF60F60F85E76AA19B96A43ACA74C4AA8905B4033A20C24B75171B33D0A
                                                                                                                                                                                                          SHA-512:E1FC1C55574F5FECEF535734A23DB9738D4C5762E085DEA721F9CD7F5F9F364DD1428F669F26149F1E49414F38A4C00BC7FD4F5E1A5C03A0E53B24C859B25C5E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:local function genericJumpHandler(state, alwaystaken).. local origin=state.address.. local addressString=string.gsub(state.ldd.parameters,"qword ptr ","").. local addressString=string.gsub(addressString,"dword ptr ","").. local desusertion=getAddressSafe(addressString) --find out the desusertion.. local desusertion2.... if desusertion==nil then.. --in case of registers.. return.. end.... if not alwaystaken then.. desusertion2=origin+state.parsed[origin].bytesize.. end;...... state.branchOrigins[origin]={}.. state.branchOrigins[origin].desusertiontaken=desusertion.. state.branchOrigins[origin].desusertionnottaken=desusertion2.... if state.branchDesusertions[desusertion]==nil then --list of desusertions and their origin(s).. state.branchDesusertions[desusertion]={}.. end.... table.insert(state.branchDesusertions[desusertion], origin).... if not alwaystaken then.. if state.branchDesusertions[desusertion2]==nil then --list of desusertions and their origin(s).
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:Algol 68 source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8862
                                                                                                                                                                                                          Entropy (8bit):4.974583347443069
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:b4QnfODIk5ktS+Xp7SjCjL6jSCXNB3mtS+jwKtwTZX:bwDIAoL6jfMbtwX
                                                                                                                                                                                                          MD5:18D66678D7078C907FDDB5CC4E16E94E
                                                                                                                                                                                                          SHA1:681DC425C522D1A87588E224980F539DE791F2C2
                                                                                                                                                                                                          SHA-256:D99600BD2A0E754423499C963953FBF16B5FF9CECADC44F1332733F08F3D3F6E
                                                                                                                                                                                                          SHA-512:D22C18C47D93C12ED60BF704C590AF3FE7D7D0BCC49B77939F18424F2D15241C084F7288AC1695F22EA97DE1C6605351DAAF98FB86A6D4269ADAE2C78642BA10
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'SaveSessions.po')..end......if cheatEngineIs64Bit() then.. if string.find(package.cpath, 'clibs64')==nil then.. package.cpath=package.cpath..[[;.\clibs64\?.dll]].. end..else.. if string.find(package.cpath, 'clibs32')==nil then.. package.cpath=package.cpath..[[;.\clibs32\?.dll]].. end..end....require("lfs")....function loadMemoryScan_internal(filename).. --print("loadMemoryScan").. .. --the thread is used to bypasses a bug in 6.3.....local ms=getCurrentMemscan()...local mf=getMainForm()...........local input,err=createFileStream(filename,fmOpenRead or fmShareDenyNone).. if input==nil then.. MessageDialog(err, mtError,mbOK).. return.. end.....local scanvalue=input.readAnsiString().. local originalFromAddress=input.readAnsiString() .. local originalToAddress=input.readAnsiString() ...local scantype=input.readByte()...local vartype=input.readByte().. .....local savedscancount=input.readByte(
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (332), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):53565
                                                                                                                                                                                                          Entropy (8bit):4.994608075433237
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:kR7JxiEJ1FwKp/UnSkXZh/GZPbZ1/GZU29s4dwHvuhWaPg5jys9:Oiqp/UnSkXZh/GZPbZ1/GZUWm9
                                                                                                                                                                                                          MD5:96A64006F752ECD75FAED81F86212F93
                                                                                                                                                                                                          SHA1:1889EBB9C206866A7096F6ECD5B7CEC628DCDCBE
                                                                                                                                                                                                          SHA-256:4F0E7249A20147FB1E364B5B182D990E6D00BF6A2624EDAA368B65142DD08408
                                                                                                                                                                                                          SHA-512:01F01661B7C8DDDC2940FB8A6E3384C5BEBD1560703E510E7EC029A294AA0A49486B6948851D99C01594CBDDF75295D2F38AB4C1E7760AFA3E40B15151B0FB2B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'Java.po')..end....--Java class editor......--[[..This will show an userinterface for editing java classes and will return a list of "patch" commands..that can be used with the runtime java class edit commands....e.g:..DefineLabel(spot)..InsertBytecode(spot, command)..ModifyBytecode(spot, command)..DeleteBytecode(spot) (could be ModifyBytecode(spot,"nop") )......The user should not have to know about exceptions and how their positions change with each insert/delete....gui:..listview:..index|byteindex|label |exception|instruction|..-----|---------|------|---------|-----------|..0 |0 | | |nop | Insert..0 |1 |l1: |ex1: |branch l1 | Delete.. Modify....--]]....--http://docs.oracle.com/javase/specs/jvms/se7/html/jvms-6.html......java_bytecodes={}....--[[..paramtypes:.. s1=signed 1 byte.. s2=signed 2 byte.. s4=signed 4 b
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18412
                                                                                                                                                                                                          Entropy (8bit):5.0642202603121165
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:zGYmhPbvqKlu2uzKCM/muwu5gfMs5eQVQgQ2GO:zGkKl4zm/mhR
                                                                                                                                                                                                          MD5:E4FA493CBF4F5E932DCE648A78800616
                                                                                                                                                                                                          SHA1:B82C12B23AE06AC07AE61B0B599F055DC879C949
                                                                                                                                                                                                          SHA-256:ACFB9FDA20C347D8B7B2E513D38D2692BD054AE90B88E846460E66B986DD8D1C
                                                                                                                                                                                                          SHA-512:E0C4B9B757D4F38DBDB2C5CE11FA27EE742EDA97A20F098D38300C8DCF27015D5CFC8BFD658B6A7F48CFDECE9645DA633C32B18050598A368432F7B026826823
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'Java.po')..end....require([[autorun\javaClassEditor]])....--parser for .class files and java bytecode..--http://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html....--constant type values..java_CONSTANT_Class=7..java_CONSTANT_Fieldref=9..java_CONSTANT_Methodref=10..java_CONSTANT_InterfaceMethodref=11..java_CONSTANT_String=8..java_CONSTANT_Integer=3..java_CONSTANT_Float=4..java_CONSTANT_Long=5..java_CONSTANT_Double=6..java_CONSTANT_NameAndType=12..java_CONSTANT_Utf8=1..java_CONSTANT_MethodHandle=15..java_CONSTANT_MethodType=16..java_CONSTANT_InvokeDynamic=18......function java_read_u4(stream).. local b={string.byte(stream.data, stream.index,stream.index+4-1)}.. stream.index=stream.index+4.... return byteTableToDword({b[4],b[3],b[2],b[1]})..end......function java_read_u2(stream).. local b={string.byte(stream.data, stream.index,stream.index+2-1)}.. stream.index=stream.index+2.... return byteTableToWord({b
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7984
                                                                                                                                                                                                          Entropy (8bit):4.628436564346363
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:hG6G275/GPinZJGJBo2HXwymhmBEO/66dogk:fG4/vnZJGJv3qABPm
                                                                                                                                                                                                          MD5:6BFAA8047A8912C979D8B7ADC21BEFC4
                                                                                                                                                                                                          SHA1:9DEB3F151A70B1DE2AF921E2C4A05A9AFBFE88DA
                                                                                                                                                                                                          SHA-256:7EFC51C61CEC0EF4330C63E8848AD17BF707CC7067F8F5E195AE69D373BF4D24
                                                                                                                                                                                                          SHA-512:BEC70863FE63321EC815164A84FC82F7F03139E668AC165E218B033C2E79150B405AE553CBD8543F3AEDC839DB35FC74C14348E080598FB7BC25FB7908386A0E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--patches a dotnet method. Prerequisite: Must not be inlined or generic, or anything complex....function ParseScriptTokens(script,values).. --parses the script for <> entries and looks up the value in the values table.. if script==nil then .. print(debug.traceback()).. error('ParseScriptTokens: script is nil') .. end.. if values==nil then .. print(debug.traceback()).. error('ParseScriptTokens: values is nil') .. end.. .. return string.gsub(script,"<(.-)>",function(v) .. local r=values[v].. if r then return r else return x end.. end)..end....function dotnetpatch_getAllReferences().. --gets a list of all assemblies.. --todo: if they are in-memory only, export them to a file first (create the mz/pe manually, just the metadata).. local r={}.. local sysfile.... if monopipe then.. mono_enumImages(function(img).. local n=mono_image_get_filename(img).. local ln=extractFileName(n:lower()).. if ln~='mscorlib.dll' and ln~='netstandard.dll' then..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (301), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):57578
                                                                                                                                                                                                          Entropy (8bit):4.965043624755705
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:SDN7O8gQVISPW3R89Mvybxj/kTdg4YXj2P:SDN7OiPW3W9MvybxjM/dP
                                                                                                                                                                                                          MD5:49C105DC0F4E732802284180722747C2
                                                                                                                                                                                                          SHA1:CDC575490B51A252202BB5E37F0536870DD3CCA0
                                                                                                                                                                                                          SHA-256:43DAE8CFAA2C16B3D94C748DE250BBA2E16E9789C8B2F3395CB6ED4F79E624C6
                                                                                                                                                                                                          SHA-512:B3A582E1FB4BAF003F40262C888ADF84041874E729A97D8CFAED581C84B7B3F5823DAFA4249607D4E79B62AA30BC207632ECA9522A0866EDF1C57CFC8296EFE7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'pseudocodediagram.po')..end......--[[pseudocodediagram.lua]]--....local DPIAdjust=getScreenDPI()/96....--Global..diagramstyle = {}..diagramstyle.instruction_registerstyle = '[31;1m' --red + bold..diagramstyle.instruction_hexstyle = '[34;1m' --blue + bold..diagramstyle.instruction_symbolstyle = '[32;1m' --green + bold..diagramstyle.instruction_opcodestyle = '[1m' --bold..diagramstyle.link_defaultcolor = 0x00FF00FF --fuchsia..diagramstyle.link_nottakencolor = 0x000000FF --red..diagramstyle.link_takencolor = 0x00FF0000 --blue..diagramstyle.link_linethickness = 3*DPIAdjust..diagramstyle.link_arrowsize = math.ceil(5*DPIAdjust)..diagramstyle.link_pointdepth = 20*DPIAdjust --distance between links..diagramstyle.block_headershowsymbol = true..diagramstyle.block_bodyshowaddresses = fal
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):285
                                                                                                                                                                                                          Entropy (8bit):5.052893474705733
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:jFwErIVt0OdI+eGvJYazVId2EA3ivun0gVVjec0Lg0zVCAMBNXnGCWMdO:5myTjOId2p3ivIVje5tVDMBRnGV5
                                                                                                                                                                                                          MD5:9BA24A4B8CB68B40D229109565572F78
                                                                                                                                                                                                          SHA1:F2DABC40C3761FD9196291AB42943D580062CD11
                                                                                                                                                                                                          SHA-256:8B5608DAEDB4370990B65579EE8D1D5623644FD9C0BBE007211D5837DC690C72
                                                                                                                                                                                                          SHA-512:BEFA54FD6A87BAF24030B6E292E0D8E674FBD69B3424184582EB38D8AF2C8459E7728BC6F03032735A6A1B6C5FE459ECDB1C862BDBD390DC695F4085ABC3918A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--Alice says hi!....local t=createTimer()..t.Interval=110000..t.OnTimer=function().. local f=getForm(0).. f.Width=f.Width+2.. f.Height=f.Height+2.... if t.Interval>10000 then.. t.Interval=t.Interval-10000.. end.... createMemoryStream().Size=math.random(65536*4,65536*32);..end
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7574
                                                                                                                                                                                                          Entropy (8bit):4.744280698083541
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:J+/R0h8p0wyUYCCTLysSUDfH0HwjOtHdqFB2i6uMPV:LWBUDU9Er4V
                                                                                                                                                                                                          MD5:D609EA53AD996E63300E703ED98EAB08
                                                                                                                                                                                                          SHA1:8E19906C32BEE40E9A24CB82AB57D109AE11E038
                                                                                                                                                                                                          SHA-256:E0C48C9033C52F77AD7B1DF44E2BB81C2FEF868CE08D46054723BC8441F0C742
                                                                                                                                                                                                          SHA-512:CC85857D449F507477A12CB7D5BE31288BAECB3B41BD760EBF1BAD289771CC7EAAF608B74E421EDA948D0B45E02A6FC188474C0E926EAE20510C77D2AF8890A6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--version check update script for cheat engine..--Don't like it? Just delete this file. Easy as that....--For the translators:..if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'VersionCheck.po')..end....local vsettings=getSettings("VersionCheck")....local VersionCheckThread....function CheckVersion(automatic).. --create a thread that will get the latest version and buildnumber.. if versionCheckThread==nil then.. versionCheckThread=createThread(function(t).. local i=getInternet('CEVersionCheck').. local r=i.getURL('https://cheatengine.org/latestversion.txt').... if r then.. local sl=createStringlist().. local newerVersion=false.. local latestVersionCompleteBuildNumber.. local latestVersionNumber.. local latestVersionString --separate for crap like 6.5.1 (can't show 6.51 to the user).. sl.Text=r.... if sl.Count<3 then.. t.synchronize(function().. if au
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2095
                                                                                                                                                                                                          Entropy (8bit):4.920154640424097
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:gzax3OK42b8w6aBxVpKDRKLYChKr+deaUAyA16AhXaAe76:gzax+KIPazVpKDRaNhKr+dlUDy6GXapW
                                                                                                                                                                                                          MD5:CA347DEF8A682D2ADF951C4ECBABD948
                                                                                                                                                                                                          SHA1:C65BBC8A5106E9ACE9DDC450EC3A5F637704FA62
                                                                                                                                                                                                          SHA-256:1F11078B143B92612822F3DFC09D93778471198F203694C8FC911E249FBBC557
                                                                                                                                                                                                          SHA-512:9F7A08822D9357AF72A27707C17FC0D3EC03E72333D88E2BA8E2BE95EAB7BA9C1B33EA3E2E20D734C382F4732F77443D3AA9C189667A74195987F5DB486E2651
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:local c=createComboBox(MainForm.gbScanOptions)....c.Style='csDropDownList'..c.Items.add('All')..c.ItemIndex=0..c.Name='ScanOptionsModuleList' ......c.Align=alTop..c.BorderSpacing.Left=6..c.BorderSpacing.Right=6..c.BorderSpacing.Bottom=2....local modulelist....function FillList().. local is64bit=targetIs64Bit().. local op.. if is64bit then.. op='32'.. else.. op='64'.. end.. synchronize(function() .. while c.Items.Count>1 do.. c.Items.delete(1).. end.. end).... modulelist=enumModules().. .. synchronize(function().. if modulelist then.. local i.. for i=1, #modulelist do.. modulelist[i].OriginalName=modulelist[i].Name.. if modulelist[i].Is64Bit ~= is64bit then.. modulelist[i].OriginalName='_'..modulelist[i].OriginalName.. modulelist[i].Name=modulelist[i].Name..' ('..op..'-bit)'.. end.... c.Items.Add(modulelist[i].Name).. end.. end.. end)..end....c.OnMouseEnter=function(d) .. if c.Items.Count<
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9243
                                                                                                                                                                                                          Entropy (8bit):4.766574177681985
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:C64/8dXYKgLNhpwHmFUazyI+Q4Om1q/Qt:t4nHUKUa0Out
                                                                                                                                                                                                          MD5:40D6BFE593194CF938E19622A3C13A5E
                                                                                                                                                                                                          SHA1:761257E8EF492431CF0E04DBCA396FABB25FE1AE
                                                                                                                                                                                                          SHA-256:C4CEF60489B067C8E7ABCDD5594643A27D0720B21523753DD462D53024287116
                                                                                                                                                                                                          SHA-512:1D1AAA9DE74B0BB08CC4CECED5DBFA4C589347EAC098D7AE013D5A1BEAAE0EEACA4D314E2591560C6DF14A93DD4E9316CA317D21EFADCCA57D11EEE72F4C6E16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'autosave.po')..end....require("lfs")....autosave={} --todo make local....local AutoSaveSettings=getSettings('Auto Save')..local AutoSaveVersion=1....autosave.getPath=function().. local path=AutoSaveSettings['SavePath'].. if (path==nil) or (path=='') then.. .. path=os.getenv("LOCALAPPDATA").. if (path==nil) or (path=='') then.. path=getCheatEngineDir() --last attempt .. end.. end.. .. if string.sub(path,#path)~='\\' then.. path=path..'\\'.. end.. .. return path..end....function autosave.saveState().... .. local pid=AutoSaveSettings['ProcessID'].. if pid and pid~='' then.. pid=tonumber(pid).. if pid~=getCheatEngineProcessID() then.. --another CE has done an autosave.. if getProcessList()[pid]==nil then.. --it doesn't exist anymore... messageDialog(translate('Another instance of Cheat Engine has crashed and it created an autosave. Autosave disabled until y
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):15160
                                                                                                                                                                                                          Entropy (8bit):4.132367012227535
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:fTJbJcJtJZJtJeJAmDF3zY0PLTuHrRthutT9AT0HqkVWAcK3wMexR9WnraIeBXjJ:LJbJcJtJZJtJeJAmDF3zY0jTuHr7huFG
                                                                                                                                                                                                          MD5:C5D67D9CB5017F96F34CB9BA0F08FDF0
                                                                                                                                                                                                          SHA1:53DCA47CF042380F8DBC3399832A559A2C7368BD
                                                                                                                                                                                                          SHA-256:42896BBE75C79C381CC90FBAE685DA24013CAAD0786F1B1A4B569620C45F3F72
                                                                                                                                                                                                          SHA-512:C2F41A7C1A25B66B9DC0A496AD87818C9C7E3F70CEB82344AD7F664764293D2F9A43E607A4A299597E44B6763B3BFC63AD8F4EB01C6BD68EAE4BB04ACF775F42
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--dotnetsearch..if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'dotnetsearch.po')..end....function spawnDotNetSearchDialog(DataSource, frmDotNetInfo, searchtype).... local currentScan --rule: only writable in mainthread.. local searchresults={}.. .. .. --spawns a searchdialog. searchtype has 3 options: 0-ClassName, 1-FieldName, 2-MethodName.. local frmSearch=createFormFromFile(getAutorunPath()..'forms'..pathsep..'DotNetSearch.frm') .. .. _G.frmSearch=frmSearch.. .. if searchtype==0 then.. frmSearch.Caption=translate('Find Class') .. frmSearch.cbLimitToCurrentBase.Caption=translate('Limit to current image').. .. frmSearch.cbLimitToCurrentBase.Enabled=frmDotNetInfo.lbImages.ItemIndex>=0 .. frmSearch.lvResults.Columns.delete(2).. elseif searchtype==1 then.. frmSearch.Caption=translate('Find Field') .. frmSearch.cbLimitToCurrentBase.Caption=translate('Limit to current class').. frmSearch.cbLimitToCurrentBase.Enabled=f
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5446
                                                                                                                                                                                                          Entropy (8bit):5.106344058039722
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:UFbOaNZRB+TqamMsKs5EcDE0F39dLC/B9gn0TUTXM2sit8vD/Jae8:gaTqamQcN9dLq9QDM2fG7o
                                                                                                                                                                                                          MD5:4FF5CD5283B83CF4614D14E4363ED8F2
                                                                                                                                                                                                          SHA1:A435BF58C9E58211CADA8EA1AF2891EA488E4DD2
                                                                                                                                                                                                          SHA-256:45AD5D854DEE4CA07F60B5BA89CF328DD7B216A0EF3232A2647D15BE38C6C4C0
                                                                                                                                                                                                          SHA-512:8208B64CD2FFA356DCAC8463188325B1AF88C0598F231EA0E36E74DEC64E0C50740FC3DB26790BF39FA30C0D457B910A7F9EEC8E2049C04F48C793B58452A7A3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--mp3 sound extension....if oldcreateMemoryStream==nil then oldcreateMemoryStream = createMemoryStream end..function createMemoryStream().. local obj = oldcreateMemoryStream().. local oldwrite=obj.write.... obj.write = function (t,n) -- override default write.. local count=0.. for _,v in ipairs(t) do.. if count==n then break end.. oldwrite({v},1).. count=count+1.. end.. end.... obj.writeDword = function (v) obj.write(dwordToByteTable(v)) end.. obj.writeWord = function (v) obj.write(wordToByteTable(v)) end.... return obj..end......--convertMP3ToRIFFMP3(stream)..function convertMP3ToRIFFMP3(stream).. local riffmp3 = createMemoryStream().... local header = {.. 0x46464952,0x00000000,0x45564157,0x20746D66,0x0000001E,0x00020055,.. 0x0000AC44,0x00000000,0x00000001,0x0001000C,0x00000002,0x00010001,.. 0x61660571,0x00047463,0x2FF80000,0x61640014.. } -- default is 44100Hz , Stereo.... loca
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8088
                                                                                                                                                                                                          Entropy (8bit):5.172167677485522
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:zuiTTPEYya1gq5jfFEYQhRIA03xB97cq1fvhEN:ztTzyapKRiG
                                                                                                                                                                                                          MD5:B5AE011C70C1D26CC31A5D818D60E53C
                                                                                                                                                                                                          SHA1:7BE6AD86FCC9208D6F21B9F1D464B6334E64922B
                                                                                                                                                                                                          SHA-256:31ED4209776DBFAD74EC811326439D26C02B6AB653056D5E171D952C12D3F25B
                                                                                                                                                                                                          SHA-512:440B1AFC72D671D8AA663B6672371AC365029525EE055CF380A9C9C84625FD5FA2B328110633A183F87CECF8D1D2CACB62E49A7EB382B30AAA75DA5B3D2F3054
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--[[..You have a d:\bla.dll with namespace ClassLibraryX, with a class named "MyClass"..That class contains a function defined as:..public static int MyInitFunctionName(string parameters)....then you do: injectDotNetDLL('d:\\bla.dll','ClassLibraryX.MyClass','MyInitFunctionName','Something')....--]]....local DotNetCoreInjectScript=[[..[enable]..alloc(injectdotnetdll, 2048)..alloc(IID_ICLRRuntimeHost4,16)..alloc(RuntimeHost,8)....alloc(paramstr,256)..alloc(methodname,256)..alloc(classname,256)..alloc(dllpath,512)....alloc(returnvalue,4)..alloc(errorvalue,4)..label(error)....dllpath:..dw '%s',0....classname:..dw '%s',0....methodname:..dw '%s',0....paramstr:..dw '%s',0......IID_ICLRRuntimeHost4:..db 66 d3 f6 64 c2 d7 1f 4f b4 b2 e8 16 0c ac 43 af....injectdotnetdll:..[64-bit]..sub rsp,6*8+8..mov rcx,IID_ICLRRuntimeHost4..mov rdx,RuntimeHost..[/64-bit]....[32-bit]..push RuntimeHost..push IID_ICLRRuntimeHost4..[/32-bit]....call GetCLRRuntimeHost..cmp eax,0..jne error....[64-bit]..mov rcx,[Ru
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17557
                                                                                                                                                                                                          Entropy (8bit):4.7553596901580395
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:02/2WiurcwWJsFH1bukLWmHwt/5B9ndDiC4fVAslnlKQ8gLIeHkSD//TVxVkB8CZ:HtWIBugO8ieHkSDnTVTnC8i+lLQC/6
                                                                                                                                                                                                          MD5:F2896031568F43A7E4A7529A16F4EA12
                                                                                                                                                                                                          SHA1:A24B17AEC47FB290EE29BFC01C7386B85827D14E
                                                                                                                                                                                                          SHA-256:0714BD0F908345D7588A09C856746D76861CE4EB3571692BABC1BCE2D35A57AA
                                                                                                                                                                                                          SHA-512:B4F9EBB1E8375045269FF11FE2B6AEC3C31E64AB89CDDBFF1D26451DB3426AE841E28D184539959F84248CF101854F47E8F3497BA8414460ABCAC3C0D66248B3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:local DPIMultiplier=(getScreenDPI()/96)....if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'patchscan.po')..end....local IMAGE_SCN_CNT_CODE=0x20..local IMAGE_SCN_MEM_EXECUTE=0x20000000....function byteTableToHexString(bt).. local i.. local r=''.... if bt then.. for i=1,#bt do.. r=r..string.format("%.2x ",bt[i]).. end.. end.. return r..end......function scanModuleForPatches(modulepath, loadedModuleBase, thread).... local original=createMemoryStream().. local r,e=original.loadFromFileNoError(modulepath).. if not r then.. original.destroy().. return false,e.. end.. original.Position=0...... if (byteTableToString(original.read(2))~='MZ') then.. original.destroy().. return nil,translate('Not a valid executable').. end.... original.Position=60;.. local lfanew=original.readDword();.. original.Position=lfanew;.... if (byteTableToString(original.read(2))~='PE') then.. original.destroy().. return nil,translate('Not a valid win
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7632
                                                                                                                                                                                                          Entropy (8bit):4.883983761190223
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:peDFQNTce2Qt5q/sn2Wdk7RlxJKTiZjYsfUv:p3ue2F7RlxJfYP
                                                                                                                                                                                                          MD5:459B793E0DC43A993F03D8B612F67CEC
                                                                                                                                                                                                          SHA1:F14AE9AFBE97AF534A11BF98AC1CC096269F1474
                                                                                                                                                                                                          SHA-256:E2CBB4C2F46305BB07D84222231012FD4C800FE8E1B43E0AA1AF9B6C5D111F7F
                                                                                                                                                                                                          SHA-512:1740068E3419D153ECBD9D1A6AADA20AABE71915E7422DCE1A83E616E8D2A1084922A81741591A682531E1F8146E437D8688521C7707A4909E5721768A3F956E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--Copyright Cheat Engine......local function getOriginalCodeAndFiller(address).. local original,filler.... if type(address)~='number' then.. address=getAddressSafe(address).. end.... if address==nil then.. return nil, 'invalid address'.. end.... local sl=createStringList().. local d=createDisassembler().. local size=0.. while size<5 do.. d.disassemble(address).. local ldd=d.LastDisassembleData.. local inst=ldd.opcode..' '..ldd.parameters.. sl.add(inst).. size=size+#ldd.bytes.. address=address+#ldd.bytes.. end.... original=sl.Text.. if size-5>0 then.. filler=string.format("nop %x", size-5).. else.. filler=''.. end.... sl.destroy().. d.destroy().. return original,filler..end......local function hookSpeedFunctions().. if speedhack and speedhack.processid==getOpenedProcessID() then .. return true.. end.... local result, data=autoAssemble([[.. alloc(speedhack_wantedspeed,4).. registersymbol(speedhack_wantedspeed).. speedhack_w
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2018
                                                                                                                                                                                                          Entropy (8bit):4.845505891620365
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:8LRZCSs+dJPHoSLI0zAXFqfzhPR3sAuH7vMTCRTnoH7ADR09ZWgsAU1HTfHU1EP:IRZ7umKgl5s2+cZPs81u
                                                                                                                                                                                                          MD5:3E20F1013FB48A67FE59BEDE7B8E341B
                                                                                                                                                                                                          SHA1:8C8A4CB49C3B29DB2C47F84AAFD0416101722BFE
                                                                                                                                                                                                          SHA-256:96E4429192F9AB26F8BF9F9429F36B388AA69C3624781C61EA6DF7E1BCA9B49B
                                                                                                                                                                                                          SHA-512:99CF3F88C8B06DA0DBE8085DEE796BEC7A9533990A55FBCE7524A4F941B5ECF0E8EC975A4B032EB2AAABD116C0804995A75036C98A5E4058F25D78D08A11F3F2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:local pm=AddressList.PopupMenu..local pmAddToNewGroup=createMenuItem(pm)..pmAddToNewGroup.Caption=translate('Add to new group')..pmAddToNewGroup.ImageIndex=MainForm.CreateGroup.ImageIndex..pm.Items.insert(MainForm.CreateGroup.MenuIndex, pmAddToNewGroup)....local oldOnPopup=AddressList.PopupMenu.OnPopup..AddressList.PopupMenu.OnPopup=function(s).. if oldOnPopup then.. oldOnPopup(s).. end.. pmAddToNewGroup.Visible=AddressList.SelCount>=1..end....pmAddToNewGroup.OnClick=function(s).. local i.. local count=0.. local selcount=0.. local withAddress=false.. local hasAddressSupport=false.... if AddressList.SelCount==0 then.. messageDialog('Please select at least one entry first', mtError, mbOK).. return.. end.... hasAddressSupport=AddressList[0].IsAddressGroupHeader~=nil.... for i=0,AddressList.Count-1 do.. if AddressList[i].IsGroupHeader then.. count=count+1.. end.. end...... local groupname=translate(string.format('Group %d',count+1)).. if (isKeyPressed(VK_
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14247
                                                                                                                                                                                                          Entropy (8bit):4.757455540825877
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:p1mEfPL5ThWRM8vLdyWR1hHS+6stplX7ZbaFYBY6tnGb:VfPjylLNkKW6tE
                                                                                                                                                                                                          MD5:26C0E56ABEBFB550A9D208D6191816E0
                                                                                                                                                                                                          SHA1:8F2392846633AC48A0168AFE9F20AFC124699F4C
                                                                                                                                                                                                          SHA-256:A825F660DF2E6C13DBECE0A0F8DC306129BD784F8DC4EFC37E67E9CDD00CE65F
                                                                                                                                                                                                          SHA-512:4FC8A18E2F24374953694CB9230D9DDBA7A1B69B3BA5574AE143CB79B8D0F7CD94E9DD7337EC58EA40769A4B552A583C466781AC7EFF50C9199EAB39AD2076A9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'CeShare.po')..end....ceshare={}....function ceshare.getInternet().. if ceshare.internet==nil then.. ceshare.internet=getInternet('ceshare').. end.. return ceshare.internet..end....local pathsep..if getOperatingSystem()==0 then.. pathsep=[[\]]..else.. pathsep=[[/]]..end....ceshare.version=-1..ceshare.path=getAutoRunPath()..'ceshare'..pathsep..ceshare.formpath=ceshare.path..pathsep..'forms'..pathsep..ceshare.imagepath=ceshare.path..pathsep..'images'..pathsep....if package.loaded.xmlSimple==nil then.. package.path=package.path..';'..getAutoRunPath()..'xml'..pathsep..'?.lua'..else.. package.loaded.xmlSimple=nil..end..ceshare.xmlParser = require("xmlSimple").newParser()......package.path=package.path..';'..ceshare.path..[[?.lua]]....function loadCEShare().. ceshare.settings=getSettings('ceshare').. ceshare.secondaryIdentifierCode=getSettings('ceshare\\secondaryIdentifierCode').... require("ceshare_account
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (312), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):64056
                                                                                                                                                                                                          Entropy (8bit):5.143902164750308
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:/ilZhlpsM/bJ+CGLM0oJyevomQ385GxwuyC+N/0nNjoHhjCL:/ilZhlpsM6M0oJyUomQMUyC+N/0ZoCL
                                                                                                                                                                                                          MD5:54151E1842473981D08C4B1B69CEB46C
                                                                                                                                                                                                          SHA1:26CCFFD2AD4DE7FEA9CA7B11FBFBCF5CA3E9EA00
                                                                                                                                                                                                          SHA-256:B318D2AC5CF96BA8A0A36EDDBB62B250004D44F214BB10C0E82E4F2DDBDA95D9
                                                                                                                                                                                                          SHA-512:F9B76F51F089807610052D1DA2F147975EA3A2FF00C70FC373087A9CE55E24337F52174F062D5EC262FF9227F98CB32E09753B4E5A68FB443D8EB27890607B73
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'Java.po')..end....--todo: split up into multiple units and use the java table for the methods as well......JAVACMD_STARTCODECALLBACKS=0..JAVACMD_STOPCODECALLBACKS=1..JAVACMD_GETLOADEDCLASSES=2..JAVACMD_DEREFERENCELOCALOBJECT=3..JAVACMD_GETCLASSMETHODS=4..JAVACMD_GETCLASSFIELDS=5..JAVACMD_GETIMPLEMENTEDINTERFACES=6..JAVAVMD_FINDREFERENCESTOOBJECT=7..JAVACMD_FINDJOBJECT=8..JAVACMD_GETCLASSSIGNATURE=9 --=getClassName..JAVACMD_GETSUPERCLASS=10..JAVACMD_GETOBJECTCLASS=11..JAVACMD_GETCLASSDATA=12..JAVACMD_REDEFINECLASS=13..JAVACMD_FINDCLASS=14..JAVACMD_GETCAPABILITIES=15..JAVACMD_GETMETHODNAME=16 --gets the methodname and the signature..JAVACMD_INVOKEMETHOD=17..JAVACMD_FINDCLASSOBJECTS=18 --find objects that belong to the given class..JAVACMD_ADDTOBOOTSTRAPCLASSLOADERPATH=19..JAVACMD_ADDTOSYSTEMCLASSLOADERPATH=20..JAVACMD_PUSHLOCALFRAME=21..JAVACMD_POPLOCALFRAME=22..JAVACMD_GETFIELDDECLARINGCLASS=23..JAVACMD_GETFIELDS
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (332), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):53565
                                                                                                                                                                                                          Entropy (8bit):4.994608075433237
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:kR7JxiEJ1FwKp/UnSkXZh/GZPbZ1/GZU29s4dwHvuhWaPg5jys9:Oiqp/UnSkXZh/GZPbZ1/GZUWm9
                                                                                                                                                                                                          MD5:96A64006F752ECD75FAED81F86212F93
                                                                                                                                                                                                          SHA1:1889EBB9C206866A7096F6ECD5B7CEC628DCDCBE
                                                                                                                                                                                                          SHA-256:4F0E7249A20147FB1E364B5B182D990E6D00BF6A2624EDAA368B65142DD08408
                                                                                                                                                                                                          SHA-512:01F01661B7C8DDDC2940FB8A6E3384C5BEBD1560703E510E7EC029A294AA0A49486B6948851D99C01594CBDDF75295D2F38AB4C1E7760AFA3E40B15151B0FB2B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'Java.po')..end....--Java class editor......--[[..This will show an userinterface for editing java classes and will return a list of "patch" commands..that can be used with the runtime java class edit commands....e.g:..DefineLabel(spot)..InsertBytecode(spot, command)..ModifyBytecode(spot, command)..DeleteBytecode(spot) (could be ModifyBytecode(spot,"nop") )......The user should not have to know about exceptions and how their positions change with each insert/delete....gui:..listview:..index|byteindex|label |exception|instruction|..-----|---------|------|---------|-----------|..0 |0 | | |nop | Insert..0 |1 |l1: |ex1: |branch l1 | Delete.. Modify....--]]....--http://docs.oracle.com/javase/specs/jvms/se7/html/jvms-6.html......java_bytecodes={}....--[[..paramtypes:.. s1=signed 1 byte.. s2=signed 2 byte.. s4=signed 4 b
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18412
                                                                                                                                                                                                          Entropy (8bit):5.0642202603121165
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:zGYmhPbvqKlu2uzKCM/muwu5gfMs5eQVQgQ2GO:zGkKl4zm/mhR
                                                                                                                                                                                                          MD5:E4FA493CBF4F5E932DCE648A78800616
                                                                                                                                                                                                          SHA1:B82C12B23AE06AC07AE61B0B599F055DC879C949
                                                                                                                                                                                                          SHA-256:ACFB9FDA20C347D8B7B2E513D38D2692BD054AE90B88E846460E66B986DD8D1C
                                                                                                                                                                                                          SHA-512:E0C4B9B757D4F38DBDB2C5CE11FA27EE742EDA97A20F098D38300C8DCF27015D5CFC8BFD658B6A7F48CFDECE9645DA633C32B18050598A368432F7B026826823
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'Java.po')..end....require([[autorun\javaClassEditor]])....--parser for .class files and java bytecode..--http://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html....--constant type values..java_CONSTANT_Class=7..java_CONSTANT_Fieldref=9..java_CONSTANT_Methodref=10..java_CONSTANT_InterfaceMethodref=11..java_CONSTANT_String=8..java_CONSTANT_Integer=3..java_CONSTANT_Float=4..java_CONSTANT_Long=5..java_CONSTANT_Double=6..java_CONSTANT_NameAndType=12..java_CONSTANT_Utf8=1..java_CONSTANT_MethodHandle=15..java_CONSTANT_MethodType=16..java_CONSTANT_InvokeDynamic=18......function java_read_u4(stream).. local b={string.byte(stream.data, stream.index,stream.index+4-1)}.. stream.index=stream.index+4.... return byteTableToDword({b[4],b[3],b[2],b[1]})..end......function java_read_u2(stream).. local b={string.byte(stream.data, stream.index,stream.index+2-1)}.. stream.index=stream.index+2.... return byteTableToWord({b
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):629
                                                                                                                                                                                                          Entropy (8bit):4.667259230622991
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:03Iw9kSSIEPchubhxoyPJ4y/oJf3DftSg0n/iyHfHHEo44JsITT+wF:03IwRCfPJ1/wKrHfHh4AsATvF
                                                                                                                                                                                                          MD5:DF4D243AB0407A1F03CCF448232FCF62
                                                                                                                                                                                                          SHA1:62453CFA7ABF6FA83158BE1BA86C854D9A6B7D4B
                                                                                                                                                                                                          SHA-256:C5A35380AF8BEBE96B85377F5F41F8C068CB857C74B9CB85B7467B35C1DE10C4
                                                                                                                                                                                                          SHA-512:4B05B65909673E92F59AB64C1FF4E0B829F5C9085EAFA1FFF28CB0CCD7E6A7F6EF031633F443E0BA156A4B8F5009F526D0356F39EF77B22706F98F100B1909C2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:luasymbols=registerSymbolLookupCallback(function(str).. if str then.. local firstchar=str:sub(1,1).. .. if (firstchar=='\'') or (firstchar=='\"') then.. return nil.. end.. .. local c='return '..str.. local lc=loadstring(c).. if lc then.. local isvalid,result=pcall(lc).. if isvalid then.. return result.. else.. return nil.. end.. end.. end..end, slNotSymbol) ....registerEXETrainerFeature('Lua Symbols', function().. local r={}.. r[1]={}.. r[1].PathToFile=getCheatEngineDir()..[[autorun\luasymbols.lua]].. r[1].RelativePath=[[autorun\]].. .. return r..end)
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2095
                                                                                                                                                                                                          Entropy (8bit):4.920154640424097
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:gzax3OK42b8w6aBxVpKDRKLYChKr+deaUAyA16AhXaAe76:gzax+KIPazVpKDRaNhKr+dlUDy6GXapW
                                                                                                                                                                                                          MD5:CA347DEF8A682D2ADF951C4ECBABD948
                                                                                                                                                                                                          SHA1:C65BBC8A5106E9ACE9DDC450EC3A5F637704FA62
                                                                                                                                                                                                          SHA-256:1F11078B143B92612822F3DFC09D93778471198F203694C8FC911E249FBBC557
                                                                                                                                                                                                          SHA-512:9F7A08822D9357AF72A27707C17FC0D3EC03E72333D88E2BA8E2BE95EAB7BA9C1B33EA3E2E20D734C382F4732F77443D3AA9C189667A74195987F5DB486E2651
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:local c=createComboBox(MainForm.gbScanOptions)....c.Style='csDropDownList'..c.Items.add('All')..c.ItemIndex=0..c.Name='ScanOptionsModuleList' ......c.Align=alTop..c.BorderSpacing.Left=6..c.BorderSpacing.Right=6..c.BorderSpacing.Bottom=2....local modulelist....function FillList().. local is64bit=targetIs64Bit().. local op.. if is64bit then.. op='32'.. else.. op='64'.. end.. synchronize(function() .. while c.Items.Count>1 do.. c.Items.delete(1).. end.. end).... modulelist=enumModules().. .. synchronize(function().. if modulelist then.. local i.. for i=1, #modulelist do.. modulelist[i].OriginalName=modulelist[i].Name.. if modulelist[i].Is64Bit ~= is64bit then.. modulelist[i].OriginalName='_'..modulelist[i].OriginalName.. modulelist[i].Name=modulelist[i].Name..' ('..op..'-bit)'.. end.... c.Items.Add(modulelist[i].Name).. end.. end.. end)..end....c.OnMouseEnter=function(d) .. if c.Items.Count<
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):136078
                                                                                                                                                                                                          Entropy (8bit):5.006188616081032
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:/t5zmxQLPqWuiXL9eqiK8uthP/xoiEFLWiP8bTg1b3lDWIkGkxv0C2r0EcD+JZSh:O5n6MJCAi7hXZS8YHo6FG7236nDZ
                                                                                                                                                                                                          MD5:76168CA68F3ED8ADE110B140244EFBAF
                                                                                                                                                                                                          SHA1:2AF08403D17A64B10429C8FCE68AA085A6B287B7
                                                                                                                                                                                                          SHA-256:5832B5AB00E84690AC1E780E8B1C4ABD9649465234C9FFA2CECB410BE66A6B8A
                                                                                                                                                                                                          SHA-512:80AD21D631934D2B8E368A5B2D3CB5F1889D4A65099C2D8CD8BA37EB721C1EBDC2C6549FC530514BF9F96976FFCBFD372150F1F16A6591DA013FE4F1D1BB070B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'monoscript.po')..end....local thread_checkifmonoanyhow=nil..local StructureElementCallbackID=nil..local pathsep..local libfolder....if getOperatingSystem()==0 then.. pathsep=[[\]].. libfolder='dlls'..else.. pathsep='/'.. libfolder='dylibs'..end....local dpiscale=getScreenDPI()/96....--[[local]] monocache={}....mono_timeout=3000 --change to 0 to never timeout (meaning: 0 will freeze your face off if it breaks on a breakpoint, just saying ...)....MONO_DATACOLLECTORVERSION=20221207....MONOCMD_INITMONO=0..MONOCMD_OBJECT_GETCLASS=1..MONOCMD_ENUMDOMAINS=2..MONOCMD_SETCURRENTDOMAIN=3..MONOCMD_ENUMASSEMBLIES=4..MONOCMD_GETIMAGEFROMASSEMBLY=5..MONOCMD_GETIMAGENAME=6..MONOCMD_ENUMCLASSESINIMAGE=7..MONOCMD_ENUMFIELDSINCLASS=8..MONOCMD_ENUMMETHODSINCLASS=9..MONOCMD_COMPILEMETHOD=10..MONOCMD_GETMETHODHEADER=11..MONOCMD_GETMETHODHEADER_CODE=12..MONOCMD_LOOKUPRVA=13..MONOCMD_GETJITINFO=14..MONOCMD_FINDCLASS=15..MONOCMD_FIND
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):17557
                                                                                                                                                                                                          Entropy (8bit):4.7553596901580395
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:02/2WiurcwWJsFH1bukLWmHwt/5B9ndDiC4fVAslnlKQ8gLIeHkSD//TVxVkB8CZ:HtWIBugO8ieHkSDnTVTnC8i+lLQC/6
                                                                                                                                                                                                          MD5:F2896031568F43A7E4A7529A16F4EA12
                                                                                                                                                                                                          SHA1:A24B17AEC47FB290EE29BFC01C7386B85827D14E
                                                                                                                                                                                                          SHA-256:0714BD0F908345D7588A09C856746D76861CE4EB3571692BABC1BCE2D35A57AA
                                                                                                                                                                                                          SHA-512:B4F9EBB1E8375045269FF11FE2B6AEC3C31E64AB89CDDBFF1D26451DB3426AE841E28D184539959F84248CF101854F47E8F3497BA8414460ABCAC3C0D66248B3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:local DPIMultiplier=(getScreenDPI()/96)....if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'patchscan.po')..end....local IMAGE_SCN_CNT_CODE=0x20..local IMAGE_SCN_MEM_EXECUTE=0x20000000....function byteTableToHexString(bt).. local i.. local r=''.... if bt then.. for i=1,#bt do.. r=r..string.format("%.2x ",bt[i]).. end.. end.. return r..end......function scanModuleForPatches(modulepath, loadedModuleBase, thread).... local original=createMemoryStream().. local r,e=original.loadFromFileNoError(modulepath).. if not r then.. original.destroy().. return false,e.. end.. original.Position=0...... if (byteTableToString(original.read(2))~='MZ') then.. original.destroy().. return nil,translate('Not a valid executable').. end.... original.Position=60;.. local lfanew=original.readDword();.. original.Position=lfanew;.... if (byteTableToString(original.read(2))~='PE') then.. original.destroy().. return nil,translate('Not a valid win
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7354
                                                                                                                                                                                                          Entropy (8bit):4.798336095796441
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:K9yd/VQilJ6HLwxxKF9Znu8KX+qNdYSnatJoqVSQPFLqJ4:K0VPlJMgNdYSnatmqVSQPFLc4
                                                                                                                                                                                                          MD5:2BE703BF1FF1EA4DD6D1EFF673367E48
                                                                                                                                                                                                          SHA1:13C122CFD7EB38D298FA91F3D6021F025578B508
                                                                                                                                                                                                          SHA-256:6704BEF60F60F85E76AA19B96A43ACA74C4AA8905B4033A20C24B75171B33D0A
                                                                                                                                                                                                          SHA-512:E1FC1C55574F5FECEF535734A23DB9738D4C5762E085DEA721F9CD7F5F9F364DD1428F669F26149F1E49414F38A4C00BC7FD4F5E1A5C03A0E53B24C859B25C5E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:local function genericJumpHandler(state, alwaystaken).. local origin=state.address.. local addressString=string.gsub(state.ldd.parameters,"qword ptr ","").. local addressString=string.gsub(addressString,"dword ptr ","").. local destination=getAddressSafe(addressString) --find out the destination.. local destination2.... if destination==nil then.. --in case of registers.. return.. end.... if not alwaystaken then.. destination2=origin+state.parsed[origin].bytesize.. end;...... state.branchOrigins[origin]={}.. state.branchOrigins[origin].destinationtaken=destination.. state.branchOrigins[origin].destinationnottaken=destination2.... if state.branchDestinations[destination]==nil then --list of destinations and their origin(s).. state.branchDestinations[destination]={}.. end.... table.insert(state.branchDestinations[destination], origin).... if not alwaystaken then.. if state.branchDestinations[destination2]==nil then --list of destinations and their origin(s).
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (301), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):57578
                                                                                                                                                                                                          Entropy (8bit):4.965043624755705
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:SDN7O8gQVISPW3R89Mvybxj/kTdg4YXj2P:SDN7OiPW3W9MvybxjM/dP
                                                                                                                                                                                                          MD5:49C105DC0F4E732802284180722747C2
                                                                                                                                                                                                          SHA1:CDC575490B51A252202BB5E37F0536870DD3CCA0
                                                                                                                                                                                                          SHA-256:43DAE8CFAA2C16B3D94C748DE250BBA2E16E9789C8B2F3395CB6ED4F79E624C6
                                                                                                                                                                                                          SHA-512:B3A582E1FB4BAF003F40262C888ADF84041874E729A97D8CFAED581C84B7B3F5823DAFA4249607D4E79B62AA30BC207632ECA9522A0866EDF1C57CFC8296EFE7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'pseudocodediagram.po')..end......--[[pseudocodediagram.lua]]--....local DPIAdjust=getScreenDPI()/96....--Global..diagramstyle = {}..diagramstyle.instruction_registerstyle = '[31;1m' --red + bold..diagramstyle.instruction_hexstyle = '[34;1m' --blue + bold..diagramstyle.instruction_symbolstyle = '[32;1m' --green + bold..diagramstyle.instruction_opcodestyle = '[1m' --bold..diagramstyle.link_defaultcolor = 0x00FF00FF --fuchsia..diagramstyle.link_nottakencolor = 0x000000FF --red..diagramstyle.link_takencolor = 0x00FF0000 --blue..diagramstyle.link_linethickness = 3*DPIAdjust..diagramstyle.link_arrowsize = math.ceil(5*DPIAdjust)..diagramstyle.link_pointdepth = 20*DPIAdjust --distance between links..diagramstyle.block_headershowsymbol = true..diagramstyle.block_bodyshowaddresses = fal
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:Algol 68 source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8862
                                                                                                                                                                                                          Entropy (8bit):4.974583347443069
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:b4QnfODIk5ktS+Xp7SjCjL6jSCXNB3mtS+jwKtwTZX:bwDIAoL6jfMbtwX
                                                                                                                                                                                                          MD5:18D66678D7078C907FDDB5CC4E16E94E
                                                                                                                                                                                                          SHA1:681DC425C522D1A87588E224980F539DE791F2C2
                                                                                                                                                                                                          SHA-256:D99600BD2A0E754423499C963953FBF16B5FF9CECADC44F1332733F08F3D3F6E
                                                                                                                                                                                                          SHA-512:D22C18C47D93C12ED60BF704C590AF3FE7D7D0BCC49B77939F18424F2D15241C084F7288AC1695F22EA97DE1C6605351DAAF98FB86A6D4269ADAE2C78642BA10
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'SaveSessions.po')..end......if cheatEngineIs64Bit() then.. if string.find(package.cpath, 'clibs64')==nil then.. package.cpath=package.cpath..[[;.\clibs64\?.dll]].. end..else.. if string.find(package.cpath, 'clibs32')==nil then.. package.cpath=package.cpath..[[;.\clibs32\?.dll]].. end..end....require("lfs")....function loadMemoryScan_internal(filename).. --print("loadMemoryScan").. .. --the thread is used to bypasses a bug in 6.3.....local ms=getCurrentMemscan()...local mf=getMainForm()...........local input,err=createFileStream(filename,fmOpenRead or fmShareDenyNone).. if input==nil then.. MessageDialog(err, mtError,mbOK).. return.. end.....local scanvalue=input.readAnsiString().. local originalFromAddress=input.readAnsiString() .. local originalToAddress=input.readAnsiString() ...local scantype=input.readByte()...local vartype=input.readByte().. .....local savedscancount=input.readByte(
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5446
                                                                                                                                                                                                          Entropy (8bit):5.106344058039722
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:UFbOaNZRB+TqamMsKs5EcDE0F39dLC/B9gn0TUTXM2sit8vD/Jae8:gaTqamQcN9dLq9QDM2fG7o
                                                                                                                                                                                                          MD5:4FF5CD5283B83CF4614D14E4363ED8F2
                                                                                                                                                                                                          SHA1:A435BF58C9E58211CADA8EA1AF2891EA488E4DD2
                                                                                                                                                                                                          SHA-256:45AD5D854DEE4CA07F60B5BA89CF328DD7B216A0EF3232A2647D15BE38C6C4C0
                                                                                                                                                                                                          SHA-512:8208B64CD2FFA356DCAC8463188325B1AF88C0598F231EA0E36E74DEC64E0C50740FC3DB26790BF39FA30C0D457B910A7F9EEC8E2049C04F48C793B58452A7A3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--mp3 sound extension....if oldcreateMemoryStream==nil then oldcreateMemoryStream = createMemoryStream end..function createMemoryStream().. local obj = oldcreateMemoryStream().. local oldwrite=obj.write.... obj.write = function (t,n) -- override default write.. local count=0.. for _,v in ipairs(t) do.. if count==n then break end.. oldwrite({v},1).. count=count+1.. end.. end.... obj.writeDword = function (v) obj.write(dwordToByteTable(v)) end.. obj.writeWord = function (v) obj.write(wordToByteTable(v)) end.... return obj..end......--convertMP3ToRIFFMP3(stream)..function convertMP3ToRIFFMP3(stream).. local riffmp3 = createMemoryStream().... local header = {.. 0x46464952,0x00000000,0x45564157,0x20746D66,0x0000001E,0x00020055,.. 0x0000AC44,0x00000000,0x00000001,0x0001000C,0x00000002,0x00010001,.. 0x61660571,0x00047463,0x2FF80000,0x61640014.. } -- default is 44100Hz , Stereo.... loca
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7574
                                                                                                                                                                                                          Entropy (8bit):4.744280698083541
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:J+/R0h8p0wyUYCCTLysSUDfH0HwjOtHdqFB2i6uMPV:LWBUDU9Er4V
                                                                                                                                                                                                          MD5:D609EA53AD996E63300E703ED98EAB08
                                                                                                                                                                                                          SHA1:8E19906C32BEE40E9A24CB82AB57D109AE11E038
                                                                                                                                                                                                          SHA-256:E0C48C9033C52F77AD7B1DF44E2BB81C2FEF868CE08D46054723BC8441F0C742
                                                                                                                                                                                                          SHA-512:CC85857D449F507477A12CB7D5BE31288BAECB3B41BD760EBF1BAD289771CC7EAAF608B74E421EDA948D0B45E02A6FC188474C0E926EAE20510C77D2AF8890A6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--version check update script for cheat engine..--Don't like it? Just delete this file. Easy as that....--For the translators:..if getTranslationFolder()~='' then.. loadPOFile(getTranslationFolder()..'VersionCheck.po')..end....local vsettings=getSettings("VersionCheck")....local VersionCheckThread....function CheckVersion(automatic).. --create a thread that will get the latest version and buildnumber.. if versionCheckThread==nil then.. versionCheckThread=createThread(function(t).. local i=getInternet('CEVersionCheck').. local r=i.getURL('https://cheatengine.org/latestversion.txt').... if r then.. local sl=createStringlist().. local newerVersion=false.. local latestVersionCompleteBuildNumber.. local latestVersionNumber.. local latestVersionString --separate for crap like 6.5.1 (can't show 6.51 to the user).. sl.Text=r.... if sl.Count<3 then.. t.synchronize(function().. if au
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6083
                                                                                                                                                                                                          Entropy (8bit):4.574208772239494
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:j2S/HgQOsILKD/nMed210naDVOPkkmVBgB+CPcGhJpl:j2iHgQOsILKD/nMed210ngOPkkmVBPG3
                                                                                                                                                                                                          MD5:274946677CB1FB1C63A04AEB641E21D0
                                                                                                                                                                                                          SHA1:B4C71B59792773F20878E3BA582331CF4EA7D592
                                                                                                                                                                                                          SHA-256:05258E280F53C5905AE374F808F4383CFD0898F6E620D875136EDEB0FDBA34F5
                                                                                                                                                                                                          SHA-512:AAC74D0DA491AC3E9465964A3861F93EACD63D2C445C1F235FED444F60F9CE19D3BF5069BD012AE72593516DB96CA4A0FDFA07E83218466743551CBF1A6A64EF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--module(..., package.seeall)..local f={}....---------------------------------------------------------------------------------..---------------------------------------------------------------------------------..--..-- Original source: https://github.com/Cluain/Lua-Simple-XML-Parser..--..-- xml.lua - XML parser for use with the Corona SDK...--..-- version: 1.2..--..-- CHANGELOG:..--..-- 1.2 - Created new structure for returned table..-- 1.1 - Fixed base directory issue with the loadFile() function...--..-- NOTE: This is a modified version of Alexander Makeev's Lua-only XML parser..-- found here: http://lua-users.org/wiki/LuaXml..--..---------------------------------------------------------------------------------..---------------------------------------------------------------------------------..function f.newParser().... XmlParser = {};.... function XmlParser:ToXmlString(value).. value = string.gsub(value, "&", "&amp;"); -- '&' -> "&amp;".. value = string.gsub(value
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):187
                                                                                                                                                                                                          Entropy (8bit):5.975104411893651
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlg5UwjHTAadCmy9h/rywOia85Fxf1v1JClwBWfxvo4AzsOfdp:6v/lhP+KWHT19ghmIFxRiwBYFfAzswdp
                                                                                                                                                                                                          MD5:8BCC2E16763817795E4E81EC86457038
                                                                                                                                                                                                          SHA1:050BDB436ADC138D2559D96842A5DD39FA1CF315
                                                                                                                                                                                                          SHA-256:CDFC96FBA6EFD3F26C779B4A892AFFFC292D451CC94104C3272B258E17204D07
                                                                                                                                                                                                          SHA-512:E992395ABE6F058F3135F5734789C1F4865F865E763BBB10CCE371BCC191E9DD358C1C633C8597601695B73AC008FC864A1AF6920501731E9FCF1C26344ACC22
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 15 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):179
                                                                                                                                                                                                          Entropy (8bit):5.695302062158259
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:yionv//thPlul4fRAadCmy9h/rywOievplxdGt0skV6UhhJnElnbgsrZsYp0rx1p:6v/lhPVfR19ghmFlyOho5gesE0Pp
                                                                                                                                                                                                          MD5:036394E78B67C1F5C2E1773B74D148E9
                                                                                                                                                                                                          SHA1:3B78B52F1C67BBA12A147BFCB805D6F913E70667
                                                                                                                                                                                                          SHA-256:96200DBE8BD64BDF2A85E1FE45FF2169FA08B080425A0F32E4F08A65D83CAB5B
                                                                                                                                                                                                          SHA-512:2156BD6E61EA3299F8CB83D9AB1A24062A7AAD743FCED71FBB108AE6F9FC5EBA72843D1619EFA5A9091402631739DDD960C17968B1A4A1027296CECC254C0E65
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 66 x 61, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):707
                                                                                                                                                                                                          Entropy (8bit):7.4418596058676645
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7GmBjAkh8fjIqLe7yagUPqvMPwE5t7frC1Tt00JETw0jg3Or2ksPd:/mBjAkh8fsqa7W2wEPDov3oQl
                                                                                                                                                                                                          MD5:45E0091B87215F768F524DBBEDEDD74E
                                                                                                                                                                                                          SHA1:9835B0E117146128C5EED7E43FBE1602C5C1BC23
                                                                                                                                                                                                          SHA-256:576467863491FAEDE8053F95BD0C66CF3C273F6B27A05984F81F51AA289191BE
                                                                                                                                                                                                          SHA-512:D627E4A81E32542A455A26B775E6CE30580658F4443CB84CF23022ADEC83A315264CE3FAEDD4315A62625843582396B76E994C6C0A91C2C63BB514B05B9ABE6B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 29 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):363
                                                                                                                                                                                                          Entropy (8bit):6.997646592515667
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhP2WwlqC19ghmqbMYO3RewQLzM1dVdsgj4TAqK4cOeQPJJEkGKWVp:6v/7WQ2KPPM1VjUAt/laKkGKU
                                                                                                                                                                                                          MD5:58967A69295A833A93B30E1A3D03C333
                                                                                                                                                                                                          SHA1:B0F984616A3EB0856284D6F5C98415510FB55E7F
                                                                                                                                                                                                          SHA-256:3278F339F9A3964D92C1BEF5C4E0A300C9C68587CDDA0F7A82B34FD73B95B409
                                                                                                                                                                                                          SHA-512:B1FA11ADB2DEBB9F5595DE056985BD39F9DF5A4F925DCDCFEB24A2BC500376C17FF42BF0644BD158D91C38CDD806C3AF7F2E22D041398EE092FE1C776FF86B85
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 67 x 62, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):619
                                                                                                                                                                                                          Entropy (8bit):7.419166205831757
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7mDiFdr85Wibc7ez5jD2rSafCbOSVZ/jUHxyZCPpIV7RFvIdhR:DUvibcKztD2rnCqSDgQZApMdFvIdD
                                                                                                                                                                                                          MD5:C9A2D0DC2F22EC069650A82E64CEBB71
                                                                                                                                                                                                          SHA1:4FCC6F1A04A19B75E64A84943135DACF68488E2F
                                                                                                                                                                                                          SHA-256:9EA075327886EA4157DF25A64D9402EC6ACBEF24EE06C1D5DA3AEF96197F26EC
                                                                                                                                                                                                          SHA-512:356299EE44CFA760098AF2CB1EDEF250A5DEC285C0338B49A7F37B9B2D661353C4C356FD1FBE586A0C3844A665FE9B1C2DA38C735B6ED26DDCADA68772E47744
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 66 x 61, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):707
                                                                                                                                                                                                          Entropy (8bit):7.4418596058676645
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7GmBjAkh8fjIqLe7yagUPqvMPwE5t7frC1Tt00JETw0jg3Or2ksPd:/mBjAkh8fsqa7W2wEPDov3oQl
                                                                                                                                                                                                          MD5:45E0091B87215F768F524DBBEDEDD74E
                                                                                                                                                                                                          SHA1:9835B0E117146128C5EED7E43FBE1602C5C1BC23
                                                                                                                                                                                                          SHA-256:576467863491FAEDE8053F95BD0C66CF3C273F6B27A05984F81F51AA289191BE
                                                                                                                                                                                                          SHA-512:D627E4A81E32542A455A26B775E6CE30580658F4443CB84CF23022ADEC83A315264CE3FAEDD4315A62625843582396B76E994C6C0A91C2C63BB514B05B9ABE6B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 19 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):504
                                                                                                                                                                                                          Entropy (8bit):7.275571489523102
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7CxvhbFNUklTDVkB8TFMMOdlKKyYxAPG7AfGA4xCrx8Xv:55JN76B8TC5dlKKj7AeAif
                                                                                                                                                                                                          MD5:921DB78A66A3136C5866505D07BB29DD
                                                                                                                                                                                                          SHA1:B2E64DBE7E6DD9CDFA1590C8E4921796AAC81E7C
                                                                                                                                                                                                          SHA-256:62CCDA5C25930E2828891D7278A204DE4D3F35A2C6DA8CA029E9F859E34C4ABC
                                                                                                                                                                                                          SHA-512:A0B25C167E3DA1C2992473BDA15D7D10FAC0728421DD2CE27C165B8DB895E7CC349728382437D8F46EB38F0B36594DD0B3F3DC5912CF6FEF6FAB66D919F7CCFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 67 x 62, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):652
                                                                                                                                                                                                          Entropy (8bit):7.426141389563401
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7mDiFdklN0XVdLVd4tdOEMM018x56ps6zEL1J1lx70xbHYsAZhrljEXJ:DUklNmVdLV+dMM018ys5L15N0xLYhZBm
                                                                                                                                                                                                          MD5:BE0368A2650AAFCA0B6935E959BFF614
                                                                                                                                                                                                          SHA1:E55B9E3B7B49B04864E2254075385BACB25ACD12
                                                                                                                                                                                                          SHA-256:AED337C318176A195EC44E9ACC1D30FB1CC8154FF31F0ACB36DCC57867C50F20
                                                                                                                                                                                                          SHA-512:59E81D1EA29321E9BDA950188BBC4B531105B8907757EE7BCB1117724CB321F452D7930800D5E789A9BB9A4E38F1EED84E893123D8277196DA7B04CCDD4E6C64
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 28 x 35, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):429
                                                                                                                                                                                                          Entropy (8bit):6.854308103958898
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7I7PI/kFxNu/V0T0fCKBKkJCPbK1lwEcJz:7PlPoBKaCTK1rcJz
                                                                                                                                                                                                          MD5:835A1AC950006E5E0CB1F296BEA85DB0
                                                                                                                                                                                                          SHA1:D07388741EED5F29C83802519FC7DB7FE86E8163
                                                                                                                                                                                                          SHA-256:C448D3B58A8336780D31CF73F87EA2805B5786A7DB985A48C3B3EE4B4BC4E2C0
                                                                                                                                                                                                          SHA-512:5F5EBA5A8EAACBE02A3C01D9E689AB169EAFF9F1C09F0DDB289E92287A809089E72D8ED5E2FDBC16476AB64B66ACB799D4F75B5929A2D08543E8DA5A407ADBA6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 66 x 61, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):723
                                                                                                                                                                                                          Entropy (8bit):7.502991938803606
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7G1sYhROoOG76OFtzvDM28m4mH8qGjGMXOKvnzAiWbPQK+BQuIlFA4lii:/1sYhRrOUn8AH8NjGMlAhr9iIV
                                                                                                                                                                                                          MD5:EEBEE9670CFBE610C723F0FBF219C836
                                                                                                                                                                                                          SHA1:35F843D45886AC31773BB437580B5B423923F911
                                                                                                                                                                                                          SHA-256:CF3B603A78EAA24C63B082A4CD3936C139CD1885B6D3E60BA58FD47201BD374E
                                                                                                                                                                                                          SHA-512:C71AE264BF958A95E741B58BD1BBBE9ED975281EDBD95B25D1C5479E6EDA9C85B4DFC861B7B72B6A566B158E495B12CC835B17A4F5A35B32B6361E0F984BFF65
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 15 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):179
                                                                                                                                                                                                          Entropy (8bit):5.695302062158259
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 15 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):597
                                                                                                                                                                                                          Entropy (8bit):7.446044912854569
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):187
                                                                                                                                                                                                          Entropy (8bit):5.975104411893651
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 32 x 80, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1603
                                                                                                                                                                                                          Entropy (8bit):7.766393035061922
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 178 x 111, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5886
                                                                                                                                                                                                          Entropy (8bit):7.9428678398148485
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 19 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):527
                                                                                                                                                                                                          Entropy (8bit):7.318123094870197
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 19 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):505
                                                                                                                                                                                                          Entropy (8bit):7.311302195073986
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 178 x 111, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5886
                                                                                                                                                                                                          Entropy (8bit):7.9428678398148485
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 15 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):597
                                                                                                                                                                                                          Entropy (8bit):7.446044912854569
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 66 x 61, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):723
                                                                                                                                                                                                          Entropy (8bit):7.502991938803606
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7G1sYhROoOG76OFtzvDM28m4mH8qGjGMXOKvnzAiWbPQK+BQuIlFA4lii:/1sYhRrOUn8AH8NjGMlAhr9iIV
                                                                                                                                                                                                          MD5:EEBEE9670CFBE610C723F0FBF219C836
                                                                                                                                                                                                          SHA1:35F843D45886AC31773BB437580B5B423923F911
                                                                                                                                                                                                          SHA-256:CF3B603A78EAA24C63B082A4CD3936C139CD1885B6D3E60BA58FD47201BD374E
                                                                                                                                                                                                          SHA-512:C71AE264BF958A95E741B58BD1BBBE9ED975281EDBD95B25D1C5479E6EDA9C85B4DFC861B7B72B6A566B158E495B12CC835B17A4F5A35B32B6361E0F984BFF65
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 29 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):363
                                                                                                                                                                                                          Entropy (8bit):6.997646592515667
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:6v/lhP2WwlqC19ghmqbMYO3RewQLzM1dVdsgj4TAqK4cOeQPJJEkGKWVp:6v/7WQ2KPPM1VjUAt/laKkGKU
                                                                                                                                                                                                          MD5:58967A69295A833A93B30E1A3D03C333
                                                                                                                                                                                                          SHA1:B0F984616A3EB0856284D6F5C98415510FB55E7F
                                                                                                                                                                                                          SHA-256:3278F339F9A3964D92C1BEF5C4E0A300C9C68587CDDA0F7A82B34FD73B95B409
                                                                                                                                                                                                          SHA-512:B1FA11ADB2DEBB9F5595DE056985BD39F9DF5A4F925DCDCFEB24A2BC500376C17FF42BF0644BD158D91C38CDD806C3AF7F2E22D041398EE092FE1C776FF86B85
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 32 x 80, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1603
                                                                                                                                                                                                          Entropy (8bit):7.766393035061922
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:tOvzUQQyWWYpwUbDBHeNAbVp42j5dMa5H:tWU/yWWYjbDBf4Cv7h
                                                                                                                                                                                                          MD5:F6264DDCEA613DC98D253BCB9B1FE484
                                                                                                                                                                                                          SHA1:FB85C887F5EF5440FE9837D7A8E578DBDE4DDB8B
                                                                                                                                                                                                          SHA-256:283DD43C10FF331011938D962F9B49C4D85D92AC044DC779A9EAE38640FD62DE
                                                                                                                                                                                                          SHA-512:CE052311662DBBF39D86963F0ACAA42713735101F15A16839584E1D6EACFB5FDA68381EDCB52F226A14D0B217B95FA4D5AD44186CF4A02830C52EE74CA617F42
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 28 x 35, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):429
                                                                                                                                                                                                          Entropy (8bit):6.854308103958898
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7I7PI/kFxNu/V0T0fCKBKkJCPbK1lwEcJz:7PlPoBKaCTK1rcJz
                                                                                                                                                                                                          MD5:835A1AC950006E5E0CB1F296BEA85DB0
                                                                                                                                                                                                          SHA1:D07388741EED5F29C83802519FC7DB7FE86E8163
                                                                                                                                                                                                          SHA-256:C448D3B58A8336780D31CF73F87EA2805B5786A7DB985A48C3B3EE4B4BC4E2C0
                                                                                                                                                                                                          SHA-512:5F5EBA5A8EAACBE02A3C01D9E689AB169EAFF9F1C09F0DDB289E92287A809089E72D8ED5E2FDBC16476AB64B66ACB799D4F75B5929A2D08543E8DA5A407ADBA6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 178 x 111, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5886
                                                                                                                                                                                                          Entropy (8bit):7.9428678398148485
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:9fJTvp2iAJf329FCfsjYsvEG56SyjfEa186J70Lhvxg+NVE:9dvpPA129FC0WSyj06t0LNx3NVE
                                                                                                                                                                                                          MD5:5CFF22E5655D267B559261C37A423871
                                                                                                                                                                                                          SHA1:B60AE22DFD7843DD1522663A3F46B3E505744B0F
                                                                                                                                                                                                          SHA-256:A8D8227B8E97A713E0F1F5DB5286B3DB786B7148C1C8EB3D4BBFE683DC940DB9
                                                                                                                                                                                                          SHA-512:E00F5B4A7FA1989382DF800D168871530917FCD99EFCFE4418EF1B7E8473CAEA015F0B252CAC6A982BE93B5D873F4E9ACDB460C8E03AE1C6EEA9C37F84105E50
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 67 x 62, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):652
                                                                                                                                                                                                          Entropy (8bit):7.426141389563401
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7mDiFdklN0XVdLVd4tdOEMM018x56ps6zEL1J1lx70xbHYsAZhrljEXJ:DUklNmVdLV+dMM018ys5L15N0xLYhZBm
                                                                                                                                                                                                          MD5:BE0368A2650AAFCA0B6935E959BFF614
                                                                                                                                                                                                          SHA1:E55B9E3B7B49B04864E2254075385BACB25ACD12
                                                                                                                                                                                                          SHA-256:AED337C318176A195EC44E9ACC1D30FB1CC8154FF31F0ACB36DCC57867C50F20
                                                                                                                                                                                                          SHA-512:59E81D1EA29321E9BDA950188BBC4B531105B8907757EE7BCB1117724CB321F452D7930800D5E789A9BB9A4E38F1EED84E893123D8277196DA7B04CCDD4E6C64
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 67 x 62, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):619
                                                                                                                                                                                                          Entropy (8bit):7.419166205831757
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7mDiFdr85Wibc7ez5jD2rSafCbOSVZ/jUHxyZCPpIV7RFvIdhR:DUvibcKztD2rnCqSDgQZApMdFvIdD
                                                                                                                                                                                                          MD5:C9A2D0DC2F22EC069650A82E64CEBB71
                                                                                                                                                                                                          SHA1:4FCC6F1A04A19B75E64A84943135DACF68488E2F
                                                                                                                                                                                                          SHA-256:9EA075327886EA4157DF25A64D9402EC6ACBEF24EE06C1D5DA3AEF96197F26EC
                                                                                                                                                                                                          SHA-512:356299EE44CFA760098AF2CB1EDEF250A5DEC285C0338B49A7F37B9B2D661353C4C356FD1FBE586A0C3844A665FE9B1C2DA38C735B6ED26DDCADA68772E47744
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 19 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):505
                                                                                                                                                                                                          Entropy (8bit):7.311302195073986
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7CxmVcG25JcQqCKNaPzPmsI+BRBN3TMj2QQ:5oVDW2+BV37h
                                                                                                                                                                                                          MD5:8A33D6B05882AB755DFC9EE9C30526E1
                                                                                                                                                                                                          SHA1:FCFF4675AAE6CA1DD1AC67276779E023F33BC7FF
                                                                                                                                                                                                          SHA-256:234923BC14F06948F335599612BAE4E7CC422A8F6B8C0DEE34612618874A4149
                                                                                                                                                                                                          SHA-512:3FD3A3827DFD409B37FEE63547527A778AF589895D8136279FB3C4940EFB166017951FE5B0E30BCA95D19E57FD63DB38C6D21CF439084492FBC1287820260207
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 19 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):504
                                                                                                                                                                                                          Entropy (8bit):7.275571489523102
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7CxvhbFNUklTDVkB8TFMMOdlKKyYxAPG7AfGA4xCrx8Xv:55JN76B8TC5dlKKj7AeAif
                                                                                                                                                                                                          MD5:921DB78A66A3136C5866505D07BB29DD
                                                                                                                                                                                                          SHA1:B2E64DBE7E6DD9CDFA1590C8E4921796AAC81E7C
                                                                                                                                                                                                          SHA-256:62CCDA5C25930E2828891D7278A204DE4D3F35A2C6DA8CA029E9F859E34C4ABC
                                                                                                                                                                                                          SHA-512:A0B25C167E3DA1C2992473BDA15D7D10FAC0728421DD2CE27C165B8DB895E7CC349728382437D8F46EB38F0B36594DD0B3F3DC5912CF6FEF6FAB66D919F7CCFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PNG image data, 19 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):527
                                                                                                                                                                                                          Entropy (8bit):7.318123094870197
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:6v/7CxqPIQ2+gvx+GZgCqWeJImCZx93IKOncOD:58DM4CJqWeizhZCcOD
                                                                                                                                                                                                          MD5:2D9E64B327D7DA0985A12E7E0A5425F4
                                                                                                                                                                                                          SHA1:00C63CA44D76210664A3FAD141E15A9A5A41720C
                                                                                                                                                                                                          SHA-256:D6B4699B0F3F69472163785DD20592C8BBB45FFF3843CB75D09CA9AF8AF66CB8
                                                                                                                                                                                                          SHA-512:27AFC9ACEC960911193EC1F3E939C5594DB0D0EA40A3590BBC9F24F0A51B1B5391696F9FC66042F2A475F539D7709EB04CEAE8A6741B58A8AE7F076C6D681A4B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):131480
                                                                                                                                                                                                          Entropy (8bit):6.84563405497219
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:jRXPVJPMo10+PfXl/IRTlsfQstLh66crJWeWyPCUpfrCWV13P1+CUOEvCvOEMI7:BdJPMlMb1g6e0dU9rf3P7UObvOja
                                                                                                                                                                                                          MD5:43DAC1F3CA6B48263029B348111E3255
                                                                                                                                                                                                          SHA1:9E399FDDC2A256292A07B5C3A16B1C8BDD8DA5C1
                                                                                                                                                                                                          SHA-256:148F12445F11A50EFBD23509139BF06A47D453E8514733B5A15868D10CC6E066
                                                                                                                                                                                                          SHA-512:6E77A429923B503FC08895995EB8817E36145169C2937DACC2DA92B846F45101846E98191AEB4F0F2F13FFF05D0836AA658F505A04208188278718166C5E3032
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):144280
                                                                                                                                                                                                          Entropy (8bit):6.553148474736184
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:Kd3u82FbW5v1B9omLKfBbYWFhFCsfa5z8saPFZ1sL3OD1Ow:Kd+NFbWUMKfBTjFxfa5a1y4N
                                                                                                                                                                                                          MD5:0DAF9F07847CCEB0F0760BF5D770B8C1
                                                                                                                                                                                                          SHA1:992CC461F67ACEA58A866A78B6EEFB0CBCC3AAA1
                                                                                                                                                                                                          SHA-256:A2AC2BA27B0ED9ACC3F0EA1BEF9909A59169BC2EB16C979EF8E736A784BF2FA4
                                                                                                                                                                                                          SHA-512:B4DDA28721DE88A372AF39D4DFBA6E612CE06CC443D6A6D636334865A9F8CA555591FB36D9829B54BC0FB27F486D4F216D50F68E1C2DF067439FE8EBBF203B6A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):140696
                                                                                                                                                                                                          Entropy (8bit):6.856834819192468
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:onOLYqoZQBD3m7bmVLcuVGpGXlWXQznQN8erRxQEmsYOT1GlERbo3iV8n/7DkCWy:o4YqoZNHi7VBAXvXMZ7ll3iyn3WOR3Oc
                                                                                                                                                                                                          MD5:42E2BF4210F8126E3D655218BD2AF2E4
                                                                                                                                                                                                          SHA1:78EFCB9138EB0C800451CF2BCC10E92A3ADF5B72
                                                                                                                                                                                                          SHA-256:1E30126BADFFFB231A605C6764DD98895208779EF440EA20015AB560263DD288
                                                                                                                                                                                                          SHA-512:C985988D0832CE26337F774B160AC369F2957C306A1D82FBBFFE87D9062AE5F3AF3C1209768CD574182669CD4495DBA26B6F1388814C0724A7812218B0B8DC74
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):149912
                                                                                                                                                                                                          Entropy (8bit):6.586184520889439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:/20T06lYodB6ZcnHgSFulvfV0tYP/ipaQ8PFRBIiOBNOW:1Y6bdB6uHgSwtfV0+P/is1BIpD
                                                                                                                                                                                                          MD5:0EAAC872AADC457C87EE995BBF45A9C1
                                                                                                                                                                                                          SHA1:5E9E9B98F40424AD5397FC73C13B882D75499D27
                                                                                                                                                                                                          SHA-256:6F505CC5973687BBDA1C2D9AC8A635D333F57C12067C54DA7453D9448AB40B8F
                                                                                                                                                                                                          SHA-512:164D1E6EF537D44AC4C0FD90D3C708843A74AC2E08FA2B3F0FDD4A180401210847E0F7BB8EC3056F5DC1D5A54D3239C59FB37914CE7742A4C0EB81578657D24B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):127384
                                                                                                                                                                                                          Entropy (8bit):6.856313478886397
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:yq8Iw0TnMfrUEuKo+w/lT35oBqhSw3kmuqW3Crf0d3N1NsCeOEy6jCMpOEsC:yq8IdTMTyXUR2JJry3NreOnMpOu
                                                                                                                                                                                                          MD5:5F1A333671BF167730ED5F70C2C18008
                                                                                                                                                                                                          SHA1:C8233BBC6178BA646252C6566789B82A3296CAB5
                                                                                                                                                                                                          SHA-256:FD2A2B4FE4504C56347C35F24D566CC0510E81706175395D0A2BA26A013C4DAF
                                                                                                                                                                                                          SHA-512:6986D93E680B3776EB5700143FC35D60CA9DBBDF83498F8731C673F9FD77C8699A24A4849DB2A273AA991B8289E4D6C3142BBDE77E11F2FAF603DF43E8FEA105
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):140184
                                                                                                                                                                                                          Entropy (8bit):6.5832665674944435
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:6UoPePVhoZB34/UWFdQomnRepTPFn35eoONSO2:j8ZBvWrnmnR2Un+
                                                                                                                                                                                                          MD5:61BA5199C4E601FA6340E46BEF0DFF2D
                                                                                                                                                                                                          SHA1:7C1A51D6D75B001BA1ACDE2ACB0919B939B392C3
                                                                                                                                                                                                          SHA-256:8783F06F7B123E16042BB0AF91FF196B698D3CD2AA930E3EA97CFC553D9FC0F4
                                                                                                                                                                                                          SHA-512:8CE180A622A5788BB66C5F3A4ABFDE62C858E86962F29091E9C157753088DDC826C67C51FF26567BFE2B75737897F14E6BB17EC89F52B525F6577097F1647D31
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (520), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):215333
                                                                                                                                                                                                          Entropy (8bit):4.786182096058482
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:VcIxsXTXvMeRTWJANaOOwubWiSe65oCmL/+5y/McvJVNry++Ctso2NwVWy+cOcEV:JLSRgun
                                                                                                                                                                                                          MD5:924416232DF99AEF96A2D9E8125AFE78
                                                                                                                                                                                                          SHA1:7F29A338CEFA00BE5FCDC8B94C41FFC31EE625B9
                                                                                                                                                                                                          SHA-256:77C6D324F03A8429BCE858824CFFFCFB7A50D39616D2F9D2729910E086F5AD9A
                                                                                                                                                                                                          SHA-512:470C55E302C86353584EEABB3510B4EFF6353ED16F549DB7C155B2C8283216F2B413D77C9FE20A12F6F55A07C9BE24614DF3A8F5B2CABF1597010249239D63F5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:List of CE specific functions and variables:....Global Variables:..TrainerOrigin : A variable that contains the path of the trainer that launched cheat engine (Only set when launched as a trainer)..process : A variable that contains the main modulename of the currently opened process..MainForm: The main ce gui..AddressList: The address list of the main ce gui......Global Functions:..getCEVersion(): Returns a floating point value specifying the version of cheat engine..getCheatEngineFileVersion(): Returns the full version data of the cheat engine version. A raw integer, and a table containing major, minor, release and build....getOperatingSystem(): Returns 0 if CE is running in Windows, 1 for Mac....darkMode(): Returns true if CE is running in windows Dark Mode. Has no effect on mac....activateProtection(): Prevents basic memory scanners from opening the cheat engine process (Not that useful)..enableDRM(altitude OPTIONAL, secondaryprocessid OPTIONAL ) : Prevents normal memory scanners f
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):309664
                                                                                                                                                                                                          Entropy (8bit):5.8237432164000404
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:TDwf7I4zq0ZDVQ5uIqp5rkenPajp80Gc5:T0f7Bz/G5uImQaPajp3
                                                                                                                                                                                                          MD5:59089C96334966EDFFC70BF4AE829910
                                                                                                                                                                                                          SHA1:8DC37D6F2364749D52DB1BCB9AD9FE30FB93930D
                                                                                                                                                                                                          SHA-256:49A55638C5A0F8112B89C45A24A2BCD102FF5DE2D22386649D7F6FFD283AF1FD
                                                                                                                                                                                                          SHA-512:3EDD411905298FDE78DF57B063B4B2000FA2D16F0E1A14E8940D4FBC2226C1CBA6925C47D3BECC10E76BBA9C5864CF671F5EF3B29CFA430823D0FA9BF9BBC3A9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12807608
                                                                                                                                                                                                          Entropy (8bit):6.604078603198481
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:393216:ueBcnBaXXA3MnU+239JmqUKSw6knnbWUuMu25s8U:uis/c2GF
                                                                                                                                                                                                          MD5:5BE6A65F186CF219FA25BDD261616300
                                                                                                                                                                                                          SHA1:B5D5AE2477653ABD03B56D1C536C9A2A5C5F7487
                                                                                                                                                                                                          SHA-256:274E91A91A7A520F76C8E854DC42F96484AF2D69277312D861071BDE5A91991C
                                                                                                                                                                                                          SHA-512:69634D85F66127999EA4914A93B3B7C90BC8C8FAB1B458CFA6F21AB0216D1DACC50976354F7F010BB31C5873CC2D2C30B4A715397FB0E9E01A5233C2521E7716
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):132
                                                                                                                                                                                                          Entropy (8bit):6.551821770808043
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:SNjBeQx+FGOujzBAk+skvy2a4nfJKnBTa6C:+jkk+dsAk+Fzag+BTab
                                                                                                                                                                                                          MD5:ADAFB7CDCA51FC803718F25172652DD3
                                                                                                                                                                                                          SHA1:DD882B60A842B0992F478349898415A857934330
                                                                                                                                                                                                          SHA-256:B1B61B2570DBAF2747C4862B8429424514D300A7E14B5065C8BBB4B751179E7E
                                                                                                                                                                                                          SHA-512:D0B3D17F0F1EFB8F2F0BCAA1295AED08043F0218BCFA092A47D46308911EC4BC2441711CAB300B852DE3DBCED1C83536750B1A77A75EAE5C8CBF95991AA88714
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16708024
                                                                                                                                                                                                          Entropy (8bit):6.11289505731243
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:196608:H/KthjnNWKtC5bqOrXSFjmnIQGQCW/4PRtYRN3Ticx8cP:fKthjnNWKtC5bqOrXSjmnxGQaTdy8c
                                                                                                                                                                                                          MD5:910DE25BD63B5DA521FC0B598920C4EC
                                                                                                                                                                                                          SHA1:94A15930AAF99F12B349BE80924857673CDC8566
                                                                                                                                                                                                          SHA-256:8CAEF5000B57BCA014EF33E962DF4FCA21AEAD0664892724674619EF732440AD
                                                                                                                                                                                                          SHA-512:6FF910BB4912FEA1FA8FD91E47AE6348C8BF2EFF4F2F5F9EF646A775CA1ECFEF02C23F81BAF6FE2D0B0BDDA7617D91DF52E75DC6063E86EA0444B0538CBD4E6C
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):132
                                                                                                                                                                                                          Entropy (8bit):6.561254441246199
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:OP/KrtviZQl8kimG0bj/xeRBtjajKdp2tAdNQL6aj:8/XQl823j5eRBtOjK2tGNe6aj
                                                                                                                                                                                                          MD5:735EAEA06DAE6CD67680127419FBA366
                                                                                                                                                                                                          SHA1:A38126141A4266CDBA17B22CBC4588D88CCFCEB5
                                                                                                                                                                                                          SHA-256:5A2D3E0F10E3701DFB251C3F270B00493CEAD1C3D1CEB34FF976D70C57DC1B58
                                                                                                                                                                                                          SHA-512:92374BDC99BDDDCC2A8B74049B9FF1623EE03B505BA2607E31301F95F2DF8EF3513ECAD4491E2B6B61934F64816E3E9AD3FA3B0914E96D6E55A4B4DF4ED5E028
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16718264
                                                                                                                                                                                                          Entropy (8bit):6.110071636301838
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:393216:sjcp4nsiRMX7ZbqE14ImAfltGYav/HX8h:bbqE1RmLvvY
                                                                                                                                                                                                          MD5:EDEEF697CBF212B5ECFCD9C1D9A8803D
                                                                                                                                                                                                          SHA1:E90585899AE4B4385A6D0BF43C516C122E7883E2
                                                                                                                                                                                                          SHA-256:AC9BCC7813C0063BDCD36D8E4E79A59B22F6E95C2D74C65A4249C7D5319AE3F6
                                                                                                                                                                                                          SHA-512:1AAA8FC2F9FAFECBE88ABF07FBC97DC03A7C68CC1D870513E921BF3CAEAA97128583293BF5078A69AECBB93BF1E531605B36BD756984DB8D703784627D1877D1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):132
                                                                                                                                                                                                          Entropy (8bit):6.608714005689305
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:/toxN4m4GbUss7S2tY1wnwi9DU4liplagVMlWqOUFgaUSR708:Lm4GbnkSHunwlaiplNmlVOUaar08
                                                                                                                                                                                                          MD5:FE5E5B8B50F441DD772BFA1996AC744E
                                                                                                                                                                                                          SHA1:11D00533ADE98E94C7C6609F4E4B002A94CB440C
                                                                                                                                                                                                          SHA-256:A769BC72C97106722BF5CE8D76AFDC3EC54FC38931872B0637D8B7A281FFFE22
                                                                                                                                                                                                          SHA-512:559FB92A2C58B84AC1CDA6115AA175B0285EA98903EB1F6C91E3A0ECF39F6D667711F97D0EFF8CD98BA25256EC7B339E38D892A90186DB482587E1A80462A6EB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.^..'....'..d.]-+4.].....Q..m...bs...w.M.kTBU..5C...e.....].a..0.N+rF^.-..\......f...B).#H......XM....Ej`.q....I.3p...p:.(.Y
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):109568
                                                                                                                                                                                                          Entropy (8bit):6.474745502920158
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:3jVqSAqTNsYdNB3XT8le/lqWG3v0ESpz7cv+qsWjcd4JJ:3jgYd3T88Up/0wu+J
                                                                                                                                                                                                          MD5:B0A3CB1FC2B5195842E8BF12FD9B87F4
                                                                                                                                                                                                          SHA1:EDC423C35A48EFFC139A224C10D1EDDE42B31BCE
                                                                                                                                                                                                          SHA-256:D39677CF84E33E4A55494D0AB4873B9F3BE16F83AD381B72B14D6C62CEF71518
                                                                                                                                                                                                          SHA-512:B93B073021DD63E4383CC2370D003CA058236A3E0860E034515EA894F6995B0ED4F198CB471CB2A5E0BF4330A4D84FBDA254C5A6F367781CD4A47B9C16D9371D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........@.!...!...!...se..!...s[..!...sd.?!..|.O..!...XY..!...!..'!....`..!....X..!...s_..!....Z..!..Rich.!..........................PE..L...b9/V...........!.....$..........84.......@............................................@.............................F...(...<...................................0B..8...........................x...@............@...............................text...{".......$.................. ..`.rdata...X...@...Z...(..............@..@.data....2..........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):128000
                                                                                                                                                                                                          Entropy (8bit):6.022352271630432
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:BzlRkrowTiYa0u6lQUf3V/4MSfayysXZzjGRobJy:BRylTHa+/yMByyupY
                                                                                                                                                                                                          MD5:5E8AD34FF069B6A2E1AE00BDFE96B612
                                                                                                                                                                                                          SHA1:3C83AA3EBD95D9A060ED1F06E236E046C6CD93A7
                                                                                                                                                                                                          SHA-256:4EE8D3375F2EEB8E5AFB230D13C2CF9EE0379B0EDFA76AD8DBF5EBC686A629C1
                                                                                                                                                                                                          SHA-512:54404199C3B5B3597DC8FB5A6E3C6772F2729045AA5C9AEE648C4306358481DEF2BC15538899AB5E0F5E33D202CEC863348830A090B144E00D1662CCF4175828
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......dr[. .5. .5. .5.fB...5.fB...5.fB.).5.....".5.]j.#.5. .4...5....!.5....!.5.-A.!.5....!.5.Rich .5.........PE..d...\9/V.........." .....<...........7.......................................@............`.............................................F.......<.... .......................0......`T..8...........................@...p............P...............................text...p:.......<.................. ..`.rdata...~...P.......@..............@..@.data...p=..........................@....pdata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1882
                                                                                                                                                                                                          Entropy (8bit):4.658116184932645
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:60wIlJhxWXs/2h8OjrGCLyO7OjO6NsVhVyQk7FUBL9HuTsx0refVS+IsZZsznGd2:HTP8gE8OvnKy6NsVu7FYLswlW/
                                                                                                                                                                                                          MD5:CC0F8B66BFEDC67DA8DBB2A7DF2AA006
                                                                                                                                                                                                          SHA1:C6D86CC43A042581E389DC9A28AFFDDF64294AC8
                                                                                                                                                                                                          SHA-256:CDDD0F35F7351E6F19486CCD7EEE5D31F0134C5C3554A12C7D51131DDE8E29CD
                                                                                                                                                                                                          SHA-512:A4AEC40AC6BEA2ADACF15829AEEEBE66117473A542303024669A828710C6AFD072C0F4890A6A334B35AC894A1A80A5BDD5E91A6FFCB7149540E304117A7E5800
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#write down modulenames that are commonly used by games..#this decreases the number of wrong results in various types of memory inspection....1911.dll..speedtreert.dll..visionengineplugin.vplugin..vision90.dll..vbase90.dll..nvscpapi.dll..physxcore.dll #nvidia physx..nxcooking.dll..physxloader.dll..physxextensions.dll..cudart.dll..openal32.dll..vorbisfile.dll..ogg.dll..vorbis.dll..vorbisenc.dll..vorbisfile.dll..binkw32.dll..bink2w64.dll..iconv.dll..gameoverlayrenderer.dll #steam..steam_api.dll..steam_api64.dll..steamclient.dll..steamclient64.dll..tier0_s.dll..vstdlib_s.dll..steam.dll..steam2.dll..mss32.dll..dbghelp.dll..umbra.dll..unrar.dll....#CE dll's..cehook.dll..allochook.dll..allochook-x86_64.dll..allochook-i386.dll..vehdebug-i386.dll..vehdebug-x86_64.dll..speedhack-i386.dll..speedhack-x86_64.dll..luaclient-i386.dll..luaclient-x86_64.dll..d3dhook.dll..d3dhook64.dll..ced3d9hook.dll..ced3d9hook64.dll..ced3d10hook.dll..ced3d10hook64.dll..ced3d11hook.dll..ced3d11hook64.dll..luaclient-
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):122776
                                                                                                                                                                                                          Entropy (8bit):6.859839225631497
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:QyfNvGKKZVGcuasOKQBBTff07PSZHCSVKOCDCA32XQaOCKnOEPChMOE6:lNvG7vGcIiBTMS18RD7325YO/hMOr
                                                                                                                                                                                                          MD5:2A2EBE526ACE7EEA5D58E416783D9087
                                                                                                                                                                                                          SHA1:5DABE0F7586F351ADDC8AFC5585EE9F70C99E6C4
                                                                                                                                                                                                          SHA-256:E2A7DF4C380667431F4443D5E5FC43964B76C8FCB9CF4C7DB921C4140B225B42
                                                                                                                                                                                                          SHA-512:94ED0038068ABDDD108F880DF23422E21F9808CE04A0D14299AACC5D573521F52626C0C2752B314CDA976F64DE52C4D5BCAC0158B37D43AFB9BC345F31FDBBC0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............h...h...h...:U..h...:D..h...:R..h..|....h...h...h...:[..h...:@..h..Rich.h..........PE..L...}..S...........!.........j.......K....... .......................................d....@..................................L..<....................x...g...........!..............................XB..@............ ..|............................text............................... ..`.rdata...5... ...6..................@..@.data...<0...`.......D..............@....rsrc................X..............@..@.reloc..h............Z..............@..B................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):135064
                                                                                                                                                                                                          Entropy (8bit):6.612681349758152
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:ZGrrgbU27p/nFdpF/vwFLUjh2v5VjObfSVMPFtE8PdYO3kOc:crk3ZFdpRYUjh2verh6
                                                                                                                                                                                                          MD5:2AF7AFE35AB4825E58F43434F5AE9A0F
                                                                                                                                                                                                          SHA1:B67C51CAD09B236AE859A77D0807669283D6342F
                                                                                                                                                                                                          SHA-256:7D82694094C1BBC586E554FA87A4B1ED6EBC9EB14902FD429824DCD501339722
                                                                                                                                                                                                          SHA-512:23B7C6DB0CB9C918AD9F28FA0E4E683C7E2495E89A136B75B7E1BE6380591DA61B6FB4F7248191F28FD3D80C4A391744A96434B4AB96B9531B5EBB0EC970B9D0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........nV..............................*%..........................Rich............PE..d...p..S.........." .....&...~......0\...............................................8....@.................................................l...<........................g......$....C...............................................@...............................text....%.......&.................. ..`.rdata..~K...@...L...*..............@..@.data....;...........v..............@....pdata..............................@..@.rsrc...............................@..@.reloc..>...........................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46468
                                                                                                                                                                                                          Entropy (8bit):7.994038510231404
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:768:knKJWrjSpYCoxMO0HqzZuCxbSbONOirgFENxbWUYfQsQB/ju9x0QhS5d7uuNMRgH:knKJorQO0KcFigi841WUYfQhju9x0OcF
                                                                                                                                                                                                          MD5:715D61B9BCC484E271775F36865A4CDE
                                                                                                                                                                                                          SHA1:8AE158AEF6F6005AA3D6E6F8A09A05FD95551784
                                                                                                                                                                                                          SHA-256:C4B5797588C80520745732B96D7C6681F8420BDF55E426C40B852E56E5630124
                                                                                                                                                                                                          SHA-512:5C8E462FA504AC91D928617C74E287B598CE326A323C8A05533D4245D018A4A4CC354D05A0568785E7642D8CF779805950D70FE167C456B2D15F8901D714C037
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):55173
                                                                                                                                                                                                          Entropy (8bit):7.995644990698608
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:1536:aPQbr8Hv6jZwnB8K5vHTcM2b9+lmFD/cEt1kbD5F:Tbr8Hv6ji75vHTx9kD/cquP
                                                                                                                                                                                                          MD5:3885F7AF9007DF5A9874E61EDBB45F58
                                                                                                                                                                                                          SHA1:F7A7719E5A9036604CC64922FF2DC4FD40D253DD
                                                                                                                                                                                                          SHA-256:52EAA08C57AA0BA9737ED4413786DAB747DF4C692F34BF601D4FB0B37F231D08
                                                                                                                                                                                                          SHA-512:CAFF16F4171D205A1B44B18651FBA7B72D33F7FDD657C5EBA44853B26929B3F48749D9C5B07F158EA903D41C09A905D27D0A4E3D7B6228550B8C255FC64D5A3D
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12502
                                                                                                                                                                                                          Entropy (8bit):5.40558493486102
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:0egHuderGTd4G9mSZk/8fdtINfbLmJFcSC5xm+9qh07EBS5pekFrLUK80u9ETxst:AHuderlSZk/8FtIF4umMqEpDg3fT
                                                                                                                                                                                                          MD5:62E1FA241D417668F7C5DA6E4009A5A6
                                                                                                                                                                                                          SHA1:F887409E3C204A87731F317A999DC7E4CC8D3FCD
                                                                                                                                                                                                          SHA-256:82E8EF7DF20A86791CEF062F2DCACB1D91B4ADC9F5DEA2FD274886BE8365B2F8
                                                                                                                                                                                                          SHA-512:2283CBB9E1D5D53AD1ED9BC9DB6034FB3C53C633B11001F373523640BBBBA95DA9A3A0866C7D5FA0620FACAB7D18C8577DFD69496FC7319E0A4A74D0B9E10C45
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--Defines:....--checkbox state defines..cbUnchecked=0..cbChecked=1..cbGrayed=2......--onMouseEvent button defines:..mbLeft=0..mbRight=1..mbMiddle=2..mbExtra1=3..mbExtra2=4......--memo scrollbar defines..ssNone=0..ssHorizontal=1..ssVertical=2..ssBoth=3..ssAutoHorizontal=4..ssAutoVertical=5..ssAutoBoth=6......bsNone=0..bsSingle=1..bsSizeable=2..bsDialog=3..bsToolWindow=4..bsSizeToolWin=5........--scan types: (fast scan methods)..fsmNotAligned=0..fsmAligned=1..fsmLastDigits=2....--rounding types..rtRounded=0..rtExtremerounded=1..rtTruncated=2....--scan options..soUnknownValue=0..soExactValue=1..soValueBetween=2..soBiggerThan=3..soSmallerThan=4..soIncreasedValue=5..soIncreasedValueBy=6..soDecreasedValue=7..soDecreasedValueBy=8..soChanged=9..soUnchanged=10......--debug variables..--Breakpoint methods:..bpmInt3=0..bpmDebugRegister=1..bpmException=2......--Breakpoint triggers:..bptExecute=0..bptAccess=1..bptWrite=2....--breakpoint continue methods:..co_run=0..co_stepinto=1..co_stepover=2....-
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):104
                                                                                                                                                                                                          Entropy (8bit):4.292808527787486
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:VSPAiQ7UeSaClo+tHEu3jdXgOYsO:Vr7Ueyl4u3jdQOS
                                                                                                                                                                                                          MD5:A2E60A2F01F69D0DA415C58F25C37E5B
                                                                                                                                                                                                          SHA1:FA1A0D6183FEE10DE5FA4C554370556217E3AF26
                                                                                                                                                                                                          SHA-256:DC9354CCF9667D1E5CA13D6468BA2C258256042D7C25E6D91ADE7F8E2A2FF3BF
                                                                                                                                                                                                          SHA-512:CE7F5F8365D2EF3DA14D4123CC7EF053A7F99E8F98D47E6C5967F267B8EC7FDAC2DA993D0FC26DF8EB2FACE176BA56B7359BA1F29F021E1DFDD561B15EFE64AF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#Enter modulenames you do not wish to trace..#kernel32.dll #example. comment out to ignore kernel32.dll
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3208608
                                                                                                                                                                                                          Entropy (8bit):6.4378051911330445
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:itwSHCeicAlYJhPx7Ur4+Kn8KTqeUrncXbvTCeVxkg8vL5V2zRkit6bch6WuDgR1:itwAf64swnNmnfsR3ccJkKSib
                                                                                                                                                                                                          MD5:0D4BDC37F5031A827B2877770974FE49
                                                                                                                                                                                                          SHA1:7D7D63F1CC49FB94D2FD59AF8A0BA89966CE0E07
                                                                                                                                                                                                          SHA-256:F3C536EC5307D71260FA5D6D70AC56A20A00DBC3FB785E0DEB4EF0F7DC66FC2E
                                                                                                                                                                                                          SHA-512:D1FAF9BCF6BBF6E458780F4D913BA600A5F987FF33BE8D24A1165F5BFA925B2D1DFFDAA6E666712D09D58478174BC2956877A4A60376F7773D1E818BB38A23E1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4210080
                                                                                                                                                                                                          Entropy (8bit):6.041283402178925
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:aMiOO5AqojVbq2s2Kyvzq/9E3piKR+77v5WiESldKtyQ6WuDgRPOjgy+OSijV:aMiOOaBbq2VVvnlykESip
                                                                                                                                                                                                          MD5:AEC662CEAE2C4D5ABAEEEE084D828582
                                                                                                                                                                                                          SHA1:A57CEB95E3FD3F8E8C59C0B7E913E2681B64751D
                                                                                                                                                                                                          SHA-256:2DD35A044D1291D593F1DA15C40FD124DA3E4D52D0D045EC61465B725E58079D
                                                                                                                                                                                                          SHA-512:FF28EB79795A6D4AD97A5C79CEB5314208C616BE7CC9196622B9BB2AB8149C6CAA166EED6165923DC8FA253A400422CBEE9E061E72DCF61CE66C700D1451AE7A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3865
                                                                                                                                                                                                          Entropy (8bit):5.239566441223487
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:aOgQsLqPQLHbXTN6oYsNhd6vgAwFQCbTprO5BPPTeraG9n0WP/zgSRQh:aOgQO3hdE8KBPPTrGHU5
                                                                                                                                                                                                          MD5:DC2829239704CDD5A5109699666FA573
                                                                                                                                                                                                          SHA1:60C09E102F552444D59ED9ED474E667136C16DC0
                                                                                                                                                                                                          SHA-256:AB4BE7D34E7FA0E722F0948E0C90AD4D95B8A1EC649C2F186DFA387B57BE7833
                                                                                                                                                                                                          SHA-512:F3551AEF2A0FFE42A16F1A8BE26B2C2722E773A59D21B60B2454AB0B68B008402623F378D2AFAA30FEBA87F560475A52D2899E6D062BD7F88E22119B25231F17
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*. * _mingw.h. *. * This file is for TinyCC and not part of the Mingw32 package.. *. * THIS SOFTWARE IS NOT COPYRIGHTED. *. * This source code is offered for use in the public domain. You may. * use, modify or distribute it freely.. *. * This code is distributed in the hope that it will be useful but. * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY. * DISCLAIMED. This includes but is not limited to warranties of. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.. *. */..#ifndef __MINGW_H.#define __MINGW_H../* some winapi files define these before including _mingw.h --> */.#undef __cdecl.#undef _X86_.#undef WIN32./* <-- */..#include <stddef.h>.#include <stdarg.h>..#define __int8 char.#define __int16 short.#define __int32 int.#define __int64 long long.#define _HAVE_INT64..#define __cdecl.#define __declspec(x) __attribute__((x)).#define __unaligned __attribute__((packed)).#define __fastcall __attribute__((fastcall))..#define __MSVCRT__ 1.#undef _MSVCRT_
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1439
                                                                                                                                                                                                          Entropy (8bit):5.2295620824781714
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:i2PSh0PDaGduHH7PPW3ep0m3Vp0GrHt+5p0CKpmucLNw/HHsuHfgpbrRD:GRdm3emm3Vm+HOmCKmC1fgdp
                                                                                                                                                                                                          MD5:9C022D741996DB6D32411BFEF4EADB41
                                                                                                                                                                                                          SHA1:4BA93D77927EB8CFDCFE07F56D6EDADE180AF1DD
                                                                                                                                                                                                          SHA-256:3AB7EDEC5E55840C35BE252BAD52236955C3B4F9143810CDB1F09C34510EB8C4
                                                                                                                                                                                                          SHA-512:E448608BFECB770A087CB19934A1B45A5C564EA10BDF5A40BBB250F472830ECEE4990C669E90E495ECB5D4E48C3871CC2A33CE84F2D38524449FC9F5FD501DA0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef __ASSERT_H_.#define __ASSERT_H_..#include <_mingw.h>.#ifdef __cplusplus.#include <stdlib.h>.#endif..#ifdef NDEBUG.#ifndef assert.#define assert(_Expression) ((void)0).#endif.#else..#ifndef _CRT_TERMINATE_DEFINED.#define _CRT_TERMINATE_DEFINED. void __cdecl __MINGW_NOTHROW exit(int _Code) __MINGW_ATTRIB_NORETURN;. _CRTIMP void __cdecl __MINGW_NOTHROW _exit(int _Code) __MINGW_ATTRIB_NORETURN;.#if !defined __NO_ISOCEXT /* extern stub in static libmingwex.a */./* C99 function name */.void __cdecl _Exit(int) __MINGW_ATTRIB_NORETURN;.__CRT_INLINE __MINGW_ATTRIB_NORETURN void __cdecl _Exit(int status).{ _exit(status); }.#endif..#pragma push_macro("abort").#undef abort. void __cdecl __declspec(noreturn) abort(void);.#pragma pop_macro("abort")..#endif..#ifdef __cplusplus.ext
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):164
                                                                                                                                                                                                          Entropy (8bit):4.396200340591225
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#ifndef celib_h..#define celib_h....typedef struct _cecs..{.. volatile int locked;.. volatile int threadif;.. volatile int lockcount; ..} cecs, *Pcecs;....#endif
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11130
                                                                                                                                                                                                          Entropy (8bit):4.886603456377803
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_CONIO.#define _INC_CONIO..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP char *_cgets(char *_Buffer);. _CRTIMP int __cdecl _cprintf(const char *_Format,...);. _CRTIMP int __cdecl _cputs(const char *_Str);. _CRTIMP int __cdecl _cscanf(const char *_Format,...);. _CRTIMP int __cdecl _cscanf_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _getch(void);. _CRTIMP int __cdecl _getche(void);. _CRTIMP int __cdecl _vcprintf(const char *_Format,va_list _ArgList);. _CRTIMP int __cdecl _cprintf_p(const char *_Format,...);. _CRTIMP int __cdecl _vcprintf_p(const char *_Format,va_list _ArgList);. _CRTIMP int __cdecl _cprintf_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcprintf_l(const char *_Format,_loc
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9755
                                                                                                                                                                                                          Entropy (8bit):5.0535405224800884
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_CTYPE.#define _INC_CTYPE..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WEOF.#define WEOF (wint_t)(0xFFFF).#endif..#ifndef _CRT_CTYPEDATA_DEFINED.#define _CRT_CTYPEDATA_DEFINED.#ifndef _CTYPE_DISABLE_MACROS..#ifndef __PCTYPE_FUNC.#define __PCTYPE_FUNC __pctype_func().#ifdef _MSVCRT_.#define __pctype_func().(_pctype).#else.#define __pctype_func().(*_imp___pctype).#endif.#endif..#ifndef _pctype.#ifdef _MSVCRT_. extern unsigned short *_pctype;.#else. extern unsigned short **_imp___pctype;.#define _pctype (*_imp___pctype).#endif.#endif..#endif.#endif..#ifndef _CRT_WCTYPEDATA_DEFINED.#define _CRT_WCTYPEDATA_DEFINED.#ifndef _CTYPE_DISABLE_MACROS.#ifndef _wctype.#ifdef _MSVCRT_. extern unsigned short *_wctype;.#else. extern unsigned short **_im
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):952
                                                                                                                                                                                                          Entropy (8bit):4.981227039868006
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* . * dir.h. *. * This file OBSOLESCENT and only provided for backward compatibility.. * Please use io.h instead.. *. * This file is part of the Mingw32 package.. *. * Contributors:. * Created by Colin Peters <colin@bird.fu.is.saga-u.ac.jp>. * Mumit Khan <khan@xraylith.wisc.edu>. *. * THIS SOFTWARE IS NOT COPYRIGHTED. *. * This source code is offered for use in the public domain. You may. * use, modify or distribute it freely.. *. * This code is distributed in the hope that it will be useful but. * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY. * DISCLAIMED. This includes but is not limited to warranties of. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.. *. */..#include <io.h>..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1979
                                                                                                                                                                                                          Entropy (8bit):5.047752773488744
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_DIRECT.#define _INC_DIRECT..#include <_mingw.h>.#include <io.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _DISKFREE_T_DEFINED.#define _DISKFREE_T_DEFINED. struct _diskfree_t {. unsigned total_clusters;. unsigned avail_clusters;. unsigned sectors_per_cluster;. unsigned bytes_per_sector;. };.#endif.. _CRTIMP char *__cdecl _getcwd(char *_DstBuf,int _SizeInBytes);. _CRTIMP char *__cdecl _getdcwd(int _Drive,char *_DstBuf,int _SizeInBytes);. char *__cdecl _getdcwd_nolock(int _Drive,char *_DstBuf,int _SizeInBytes);. _CRTIMP int __cdecl _chdir(const char *_Path);. _CRTIMP int __cdecl _mkdir(const char *_Path);. _CRTIMP int __cdecl _rmdir(const char *_Path);. _CRTIMP int __cdecl _chdrive(int _Drive);. _CRTIMP in
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3339
                                                                                                                                                                                                          Entropy (8bit):4.737300914010111
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* All the headers include this file. */.#include <_mingw.h>..#ifndef.__STRICT_ANSI__..#ifndef _DIRENT_H_.#define _DIRENT_H_...#pragma pack(push,_CRT_PACKING)..#include <io.h>..#ifndef RC_INVOKED..#ifdef __cplusplus.extern "C" {.#endif.. struct dirent. {. long..d_ino;../* Always zero. */. unsigned short.d_reclen;./* Always zero. */. unsigned short.d_namlen;./* Length of name in d_name. */. char*..d_name;../* File name. */. /* NOTE: The name in the dirent structure points to the name in the. * finddata_t structure in the DIR. */. };.. /*. * This is an internal data structure. Good programmers will not use it. * except as an argument to one of the functions below.. * dd_stat field is now int (was short in older versions).. */. typedef struct. {.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1090
                                                                                                                                                                                                          Entropy (8bit):5.185707945606799
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_DOS.#define _INC_DOS..#include <_mingw.h>.#include <io.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _DISKFREE_T_DEFINED.#define _DISKFREE_T_DEFINED.. struct _diskfree_t {. unsigned total_clusters;. unsigned avail_clusters;. unsigned sectors_per_cluster;. unsigned bytes_per_sector;. };.#endif..#define _A_NORMAL 0x00.#define _A_RDONLY 0x01.#define _A_HIDDEN 0x02.#define _A_SYSTEM 0x04.#define _A_SUBDIR 0x10.#define _A_ARCH 0x20..#ifndef _GETDISKFREE_DEFINED.#define _GETDISKFREE_DEFINED. _CRTIMP unsigned __cdecl _getdiskfree(unsigned _Drive,struct _diskfree_t *_DiskFree);.#endif..#if (defined(_X86_) && !defined(__x86_64)). void __cdecl _disable(void);. void __cdecl _enable(void);.#endif..#ifndef.NO_OLDNAMES.#de
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1410
                                                                                                                                                                                                          Entropy (8bit):5.11838654592129
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_ERRNO.#define _INC_ERRNO..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRT_ERRNO_DEFINED.#define _CRT_ERRNO_DEFINED. _CRTIMP extern int *__cdecl _errno(void);.#define errno (*_errno()).. errno_t __cdecl _set_errno(int _Value);. errno_t __cdecl _get_errno(int *_Value);.#endif..#define EPERM 1.#define ENOENT 2.#define ESRCH 3.#define EINTR 4.#define EIO 5.#define ENXIO 6.#define E2BIG 7.#define ENOEXEC 8.#define EBADF 9.#define ECHILD 10.#define EAGAIN 11.#define ENOMEM 12.#define EACCES 13.#define EFAULT 14.#define EBUSY 16.#define EEXIST 17.#define EXDEV 18.#define ENODEV 19.#define ENOTDIR 20.#define EISDIR 21.#define ENFILE 23.#define EMFILE 24.#define ENOTTY 25.#define EFBIG 27.#define ENOSPC 28.#define ESPIPE 29.#define EROFS 30.#de
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3796
                                                                                                                                                                                                          Entropy (8bit):5.3190944253059405
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:GdUcbUGSCnlAxeSeFkvSp2wCoIt6TcUEYEJ+CkbUHfXF0XQtVI:QTIGTWeFk6pw/6TOMvIfFsA+
                                                                                                                                                                                                          MD5:D236372CBA09E14C37B4E48F81BAEF83
                                                                                                                                                                                                          SHA1:11A3BFFAACEDFA1CAA4B4BB836CD95297A4ECC6D
                                                                                                                                                                                                          SHA-256:0098E51602C94F8A9702F4B776D3630F56EEC27ED67B9FC36D9204933B58AC4D
                                                                                                                                                                                                          SHA-512:D7C22525FBB97BF8950DB69645511420F1198ABE33F5D0FE07A5EE8DD6B5CDA07038B6DB71A2995C6F5EC1B85D8B98E4370330193132E95F2A65E3A847F04408
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_EXCPT.#define _INC_EXCPT..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif.. struct _EXCEPTION_POINTERS;..#ifndef EXCEPTION_DISPOSITION.#define EXCEPTION_DISPOSITION int.#endif.#define ExceptionContinueExecution 0.#define ExceptionContinueSearch 1.#define ExceptionNestedException 2.#define ExceptionCollidedUnwind 3..#if (defined(_X86_) && !defined(__x86_64)). struct _EXCEPTION_RECORD;. struct _CONTEXT;.. EXCEPTION_DISPOSITION __cdecl _except_handler(struct _EXCEPTION_RECORD *_ExceptionRecord,void *_EstablisherFrame,struct _CONTEXT *_ContextRecord,void *_DispatcherContext);.#elif defined(__ia64__).. typedef struct _EXCEPTION_POINTERS *Exception_info_ptr;. struct _EXCEPTION_RECORD;. struct _CONTEXT;. struct _DISP
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1269
                                                                                                                                                                                                          Entropy (8bit):5.067511244355359
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:i2PSh0PDeLwFq64bCszOD1zr/Aob1UBFv1tDaMLQHy2RoP/17FN:GOFq6UkybLGMLgyx/17z
                                                                                                                                                                                                          MD5:478ADD63D2C741D03A60A11BDC4FC0D3
                                                                                                                                                                                                          SHA1:E9E0C857D2C409F23C346D81B77C5634F1C395AB
                                                                                                                                                                                                          SHA-256:FBD94F945A57165AC897BDBACD2A861B1351E7850FA76752703C0A622E0646FA
                                                                                                                                                                                                          SHA-512:BCCC563718B1A03E93E5BF8CF0D79BB3128A3FC1FDD6FBC17792CBAF3C5DE70DE06EC2F88D8EED7105FF62056E32E9A79570F5890E75F4443033421D283B2FEC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#include <_mingw.h>..#include <io.h>..#ifndef _INC_FCNTL.#define _INC_FCNTL..#define _O_RDONLY 0x0000.#define _O_WRONLY 0x0001.#define _O_RDWR 0x0002.#define _O_APPEND 0x0008.#define _O_CREAT 0x0100.#define _O_TRUNC 0x0200.#define _O_EXCL 0x0400.#define _O_TEXT 0x4000.#define _O_BINARY 0x8000.#define _O_WTEXT 0x10000.#define _O_U16TEXT 0x20000.#define _O_U8TEXT 0x40000.#define _O_ACCMODE (_O_RDONLY|_O_WRONLY|_O_RDWR)..#define _O_RAW _O_BINARY.#define _O_NOINHERIT 0x0080.#define _O_TEMPORARY 0x0040.#define _O_SHORT_LIVED 0x1000..#define _O_SEQUENTIAL 0x0020.#define _O_RANDOM 0x0010..#if !defined(NO_OLDNAMES) || defined(_POSIX).#define O_RDONLY _O_RDONLY.#define O_WRONLY _O_WRONLY.#define O_RDWR _O_RDWR.#define O_APPEND _O_APPEND.#define O_CREAT _O_CREAT.#define O_TRUNC _O_TRUNC
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3146
                                                                                                                                                                                                          Entropy (8bit):5.109358717547865
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:GjF4XfZlIPU0rBLeGwDO0QZFxI2bMCaZSpEhW8bxv:CivoPU0rBLeRDO0QfxI2YCaZZhNl
                                                                                                                                                                                                          MD5:DEEC7C35F77EC8E22074667641CA8851
                                                                                                                                                                                                          SHA1:8CCE6B663A9A04B3C13AA6621B0798E487A8A88E
                                                                                                                                                                                                          SHA-256:67A827ACF4E09653AFB5D18F2ECAA5FCDFB7471D8A5B8197C2F33D06E8462F84
                                                                                                                                                                                                          SHA-512:8DE2B82B0579E6C37546A26BC1AB5D7603090E815D8CE728474B1405339AB4EF4F0794DF19FF4CC3780AA7259288D4D93FD50B0E9C63D413FF22AD5E72BFCBE5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _FENV_H_.#define _FENV_H_..#include <_mingw.h>../* FPU status word exception flags */.#define FE_INVALID.0x01.#define FE_DENORMAL.0x02.#define FE_DIVBYZERO.0x04.#define FE_OVERFLOW.0x08.#define FE_UNDERFLOW.0x10.#define FE_INEXACT.0x20.#define FE_ALL_EXCEPT (FE_INVALID | FE_DENORMAL | FE_DIVBYZERO \... | FE_OVERFLOW | FE_UNDERFLOW | FE_INEXACT)../* FPU control word rounding flags */.#define FE_TONEAREST.0x0000.#define FE_DOWNWARD.0x0400.#define FE_UPWARD.0x0800.#define FE_TOWARDZERO.0x0c00../* The MXCSR exception flags are the same as the. FE flags. */.#define __MXCSR_EXCEPT_FLAG_SHIFT 0../* How much to shift FE status word exception flags. to get MXCSR rounding flags, */.#define __MXCSR_ROUND_FLAG_SHIFT 3..#ifndef RC_INVOKED./*. For now, support only for t
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1374
                                                                                                                                                                                                          Entropy (8bit):5.161015521868813
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:9Mz83vjoKY2mg/oCrPy+lUmCSh/PTtcmBSED9smlS1:9MEj+bkoCrqahXBPSEDWJ
                                                                                                                                                                                                          MD5:3B2E4B0C01E5B0B790F4F6751E977CC9
                                                                                                                                                                                                          SHA1:06DB05E1C73809CD442EF58F775A8E87D708421D
                                                                                                                                                                                                          SHA-256:C9BAAA478E3BA85897B781F7065B9E144FAACC8E81CAFA5A642B5D49C78434EB
                                                                                                                                                                                                          SHA-512:28DD57DC4360292B987D38A408771B5E1D5B423BFD9656BEE9DFA2F9BC19696AF63A7F90CD350C8445BB27C5049987D97D9530AB15F3697D37652A91AAA7F892
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#ifndef _FLOAT_H_.#define _FLOAT_H_..#define FLT_RADIX 2../* IEEE float */.#define FLT_MANT_DIG 24.#define FLT_DIG 6.#define FLT_ROUNDS 1.#define FLT_EPSILON 1.19209290e-07F.#define FLT_MIN_EXP (-125).#define FLT_MIN 1.17549435e-38F.#define FLT_MIN_10_EXP (-37).#define FLT_MAX_EXP 128.#define FLT_MAX 3.40282347e+38F.#define FLT_MAX_10_EXP 38../* IEEE double */.#define DBL_MANT_DIG 53.#define DBL_DIG 15.#define DBL_EPSILON 2.2204460492503131e-16.#define DBL_MIN_EXP (-1021).#define DBL_MIN 2.2250738585072014e-308.#define DBL_MIN_10_EXP (-307).#define DBL_MAX_EXP 1024.#define DBL_MAX 1.7976931348623157e+308.#define DBL_MAX_10_EXP 308../* horrible intel long double */.#if defined __i386__ || defined __x86_64__..#define LDBL_MANT_DIG 64.#define LDBL_DIG 18.#define LDBL_EPSILON 1.08420217248550443401e-19L.#define LDBL_MIN_EXP (-16381).#define LDBL_MIN 3.36210314311209350626e-4932L.#define LDBL_MIN_10_EXP (-4931).#define LDBL_MAX_EXP 16384.#define LDBL_MAX 1.18973149535723176502e+4932L.#defin
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6072
                                                                                                                                                                                                          Entropy (8bit):5.148919168403688
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:a0GgtlRUn9ZpD5AgcpqdvDp/pwZzSAGkKTskBkbBpbwlHrhchgM2bRBhuYBbV3VU:a0GgJUn9ZpD+gcpqdvDp/pwZzP1iskSX
                                                                                                                                                                                                          MD5:6BB72461C8C72CC3B96F78C73FA803BA
                                                                                                                                                                                                          SHA1:4506FB8BFA1622D4533DB176B3DCFAB0AE021672
                                                                                                                                                                                                          SHA-256:4194C0408CDBA330B7CFA1D2091D72A0CFBF2077FF1FEB19F436F3F3AA2ADF18
                                                                                                                                                                                                          SHA-512:5F6D95651183FBCE7490A619D37672F2D3BAC516319D0EDCD4E782A77632B457632EB83AB54B67132752649FBBFBD1D4EB2B4ABA2622BDF729F0C4BD7509DB2B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* 7.8 Format conversion of integer types <inttypes.h> */..#ifndef _INTTYPES_H_.#define _INTTYPES_H_..#include <_mingw.h>.#include <stdint.h>.#define __need_wchar_t.#include <stddef.h>..#ifdef.__cplusplus.extern."C".{.#endif..typedef struct {..intmax_t quot;..intmax_t rem;..} imaxdiv_t;..#if !defined(__cplusplus) || defined(__STDC_FORMAT_MACROS)../* 7.8.1 Macros for format specifiers. * . * MS runtime does not yet understand C9x standard "ll". * length specifier. It appears to treat "ll" as "l".. * The non-standard I64 length specifier causes warning in GCC,. * but understood by MS runtime functions.. */../* fprintf macros for signed types */.#define PRId8 "d".#define PRId16 "d".#define PRId32 "d".#define PRId64 "I64d"..#define PRIdLEAST8 "d".#define PRIdLEAST16 "d".#define PR
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13067
                                                                                                                                                                                                          Entropy (8bit):5.032337228232408
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Y8Bx8BjP8BJPKf37Rw8z/hI9B3mpv6O3O8iONUO5OG0xLIJ8SNgVSAMczPO8cONU:r02oxz7vX+8fNxIG0S8SNgVxz28ZNU
                                                                                                                                                                                                          MD5:4AC0744EF16453FEBED8DE4242997946
                                                                                                                                                                                                          SHA1:B092C9006DE0A8DBE7F0FF568B6CAAFB00B4C90A
                                                                                                                                                                                                          SHA-256:5DA97C850E8E2AB608C42947A33411F556F6D75B8264E1E5CF29CA7BA7B96256
                                                                                                                                                                                                          SHA-512:1EC9947C6FE0160954F3922D6990863865D274874C31355F0838CCBB1BBF6650A9A3F0D3590537A189AFBF80E33CDE5393260FDD5F3EA5A736A066CDCC5FF815
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:./**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _IO_H_.#define _IO_H_..#include <_mingw.h>.#include <string.h>..#pragma pack(push,_CRT_PACKING)..#ifndef _POSIX_..#ifdef __cplusplus.extern "C" {.#endif.._CRTIMP char* __cdecl _getcwd (char*, int);.#ifndef _FSIZE_T_DEFINED. typedef unsigned long _fsize_t;.#define _FSIZE_T_DEFINED.#endif..#ifndef _FINDDATA_T_DEFINED.. struct _finddata32_t {. unsigned attrib;. __time32_t time_create;. __time32_t time_access;. __time32_t time_write;. _fsize_t size;. char name[260];. };../*#if _INTEGRAL_MAX_BITS >= 64*/.. struct _finddata32i64_t {. unsigned attrib;. __time32_t time_create;. __time32_t time_access;. __time32_t time_write;. __int64 size;. char name[260];. };.. struct _finddata64i32_t {. unsigned attrib;. __time64_t time_create
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):639
                                                                                                                                                                                                          Entropy (8bit):5.116570644892466
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:UJJISFcShcFP+4BWIYKIiSUfwfvarry9rowrrqir3qGr+PFeHqveB7n4y8yvkA4p:i2PSh0PDWWIivavaq98whzlgFeHqve7u
                                                                                                                                                                                                          MD5:540EF403878DDBE2D4682540DA20095F
                                                                                                                                                                                                          SHA1:4E3230DF4B7A906CDC3B6E3E1A5CC768CC79C327
                                                                                                                                                                                                          SHA-256:6DE922C1BD7EEDC33308304785C212945064D763EEDFB373C09CBBB5CB933DDE
                                                                                                                                                                                                          SHA-512:7C27842CB6F3D2B9707A5DF55B45BCC5DD613CDA8C550F0232F0CB9DF8B59013F428EC3FC07FB002DFF80D26BB9941CE76CAADD22BD4B539C9F11EA13FE12EF5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SHARE.#define _INC_SHARE..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#define _SH_COMPAT 0x00.#define _SH_DENYRW 0x10.#define _SH_DENYWR 0x20.#define _SH_DENYRD 0x30.#define _SH_DENYNO 0x40.#define _SH_SECURE 0x80..#ifndef.NO_OLDNAMES.#define SH_COMPAT _SH_COMPAT.#define SH_DENYRW _SH_DENYRW.#define SH_DENYWR _SH_DENYWR.#define SH_DENYRD _SH_DENYRD.#define SH_DENYNO _SH_DENYNO.#endif..#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):126
                                                                                                                                                                                                          Entropy (8bit):4.580595223579644
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:UwqZKUaAJAtMLnKEwOEtLDLaF9rL4AsNXIC:Uwq1LJvnKEcXaF94FNXIC
                                                                                                                                                                                                          MD5:621045AE9CA57FE30C8A99DD52AC5703
                                                                                                                                                                                                          SHA1:39B1E30A678EAC4DF1B78C0EF9D315A18DF4F156
                                                                                                                                                                                                          SHA-256:FA3758847B33F59ABE99B023BE00D8A027C391ECD0580A1FE755497C11E0C723
                                                                                                                                                                                                          SHA-512:AADE260048487D82F129A9A51FBDEA949793465C33DC147B31943D22523FB1A63C48F80FCA370D5929BCCA76B89CD15D9786C439A65C396BB4A5416D387E3F3A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*. * TODO: Nothing here yet. Should provide UNIX compatibility constants. * comparable to those in limits.h and float.h.. */.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2494
                                                                                                                                                                                                          Entropy (8bit):4.862990168468474
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:QAs3d3qmP8lV0TTPWuj/ATVhpIOFf6yrsEgTvVOFobil:QAGdafP0P/IiA
                                                                                                                                                                                                          MD5:4FE6BA37DEC896AB822646118B5343CE
                                                                                                                                                                                                          SHA1:EA68660748139159643AB495AA1EC9287A5E20FF
                                                                                                                                                                                                          SHA-256:116504A7C3FEABBC4551E9DB0BEC957170647EF2067EB46A4304BCBFDDCE5A30
                                                                                                                                                                                                          SHA-512:6B3304630293A2A5C1D4870B088A7FA2681354A4D28D6DFD97CDA16E102D6E97A19CB5C9A840C8587479E4A559AB3EE781F1E9001F1336C9318988B1F2F22CC7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#ifndef _STDARG_H.#define _STDARG_H..#ifdef __x86_64__.#ifndef _WIN64..//This should be in sync with the declaration on our lib/libtcc1.c./* GCC compatible definition of va_list. */.typedef struct {. unsigned int gp_offset;. unsigned int fp_offset;. union {. unsigned int overflow_offset;. char *overflow_arg_area;. };. char *reg_save_area;.} __va_list_struct;..typedef __va_list_struct va_list[1];..void __va_start(__va_list_struct *ap, void *fp);.void *__va_arg(__va_list_struct *ap, int arg_type, int size, int align);..#define va_start(ap, last) __va_start(ap, __builtin_frame_address(0)).#define va_arg(ap, type) \. (*(type *)(__va_arg(ap, __builtin_va_arg_types(type), sizeof(type), __alignof__(type)))).#define va_copy(dest, src) (*(dest) = *(src)).#define va_end(ap)../* avoid conflicting definition for va_list on Macs. */.#define _VA_LIST_T..#else /* _WIN64 */.typedef char *va_list;.#define va_start(ap,last) _
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1374
                                                                                                                                                                                                          Entropy (8bit):5.161015521868813
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:9Mz83vjoKY2mg/oCrPy+lUmCSh/PTtcmBSED9smlS1:9MEj+bkoCrqahXBPSEDWJ
                                                                                                                                                                                                          MD5:3B2E4B0C01E5B0B790F4F6751E977CC9
                                                                                                                                                                                                          SHA1:06DB05E1C73809CD442EF58F775A8E87D708421D
                                                                                                                                                                                                          SHA-256:C9BAAA478E3BA85897B781F7065B9E144FAACC8E81CAFA5A642B5D49C78434EB
                                                                                                                                                                                                          SHA-512:28DD57DC4360292B987D38A408771B5E1D5B423BFD9656BEE9DFA2F9BC19696AF63A7F90CD350C8445BB27C5049987D97D9530AB15F3697D37652A91AAA7F892
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#ifndef _FLOAT_H_.#define _FLOAT_H_..#define FLT_RADIX 2../* IEEE float */.#define FLT_MANT_DIG 24.#define FLT_DIG 6.#define FLT_ROUNDS 1.#define FLT_EPSILON 1.19209290e-07F.#define FLT_MIN_EXP (-125).#define FLT_MIN 1.17549435e-38F.#define FLT_MIN_10_EXP (-37).#define FLT_MAX_EXP 128.#define FLT_MAX 3.40282347e+38F.#define FLT_MAX_10_EXP 38../* IEEE double */.#define DBL_MANT_DIG 53.#define DBL_DIG 15.#define DBL_EPSILON 2.2204460492503131e-16.#define DBL_MIN_EXP (-1021).#define DBL_MIN 2.2250738585072014e-308.#define DBL_MIN_10_EXP (-307).#define DBL_MAX_EXP 1024.#define DBL_MAX 1.7976931348623157e+308.#define DBL_MAX_10_EXP 308../* horrible intel long double */.#if defined __i386__ || defined __x86_64__..#define LDBL_MANT_DIG 64.#define LDBL_DIG 18.#define LDBL_EPSILON 1.08420217248550443401e-19L.#define LDBL_MIN_EXP (-16381).#define LDBL_MIN 3.36210314311209350626e-4932L.#define LDBL_MIN_10_EXP (-4931).#define LDBL_MAX_EXP 16384.#define LDBL_MAX 1.18973149535723176502e+4932L.#defin
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8405
                                                                                                                                                                                                          Entropy (8bit):5.100723832842219
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:0ih8Bf8Bx8B6qwyKg758H898Bc8BQGDL2XMR6fm4RFeU6sxhE2JFE:0G8Bf8Bx8Bxwyz58O8Bc8Bv208m4RFeD
                                                                                                                                                                                                          MD5:698EA0C0196BA07E9B949406DBB9FFD7
                                                                                                                                                                                                          SHA1:7296CFE82FAB54F08D44CE9CBAB92BEF7D96C96E
                                                                                                                                                                                                          SHA-256:453793A2D6C6FC772D1CDD60E701FB3D393D752937C1D6B2CA64D5F1CEC9FD36
                                                                                                                                                                                                          SHA-512:49984DDD4866060D8E310CA6A2BD53DEA87ABA70778202C5EFED126C35B244DF90C42D61477775F327B30597138A73FB2B2EE2E1050DC6732FAEB766E870C146
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _TIME_H_.#define _TIME_H_..#include <_mingw.h>..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef _WCHAR_T_DEFINED.#define _WCHAR_T_DEFINED. typedef unsigned short wchar_t;.#endif..#ifndef _TIME32_T_DEFINED.#define _TIME32_T_DEFINED. typedef long __time32_t;.#endif..#ifndef _TIME64_T_DEFINED.#define _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64.#if defined(__GNUC__) && defined(__STRICT_ANSI__). typedef int _time64_t __attribute__ ((mode (DI)));.#else. typedef __int64 __time64_t;.#endif.#endif.#endif..#ifndef _TIME_T_DEFINED.#define _TIME_T_DEFINED.#ifdef _USE_32BIT_TIME_T. typedef __time32_t time_t;.#else. typ
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):345
                                                                                                                                                                                                          Entropy (8bit):4.819819315483337
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r7SFlLClXF1qTVSEDbA1CAAqC:UJJISFcShcFP+4B7SFRClV1qDD8CAAqC
                                                                                                                                                                                                          MD5:534517144E5B9ED662526771BB5D7E13
                                                                                                                                                                                                          SHA1:2D1801E4179E2A6E5914764D944A9C472BF65E99
                                                                                                                                                                                                          SHA-256:43956946AEFEE50E01FDD4D54A6C597418ABCB02251F9D7695ED7039FD7A5FF6
                                                                                                                                                                                                          SHA-512:533F30D3288C2B827D29210C6890D600678DB4F67B9FFAB27046E5CA3931BC119DE4AF93FFA63929DCD9D7C0BABD69A25E7F52E697272F3226ED198C93A9A8CD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./*. * This file is part of the Mingw32 package.. *. * mem.h maps to string.h. */.#ifndef.__STRICT_ANSI__.#include <string.h>.#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1979
                                                                                                                                                                                                          Entropy (8bit):5.047752773488744
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:i2PSh0PDnZTwNe2FhqA7DiyX40E090m0c0/0vF7Gl0lF+yivXw0vZ0CZ0F2xFeHv:Gs6Z7aNA7bmwGOK0gZBZCQs
                                                                                                                                                                                                          MD5:83679DA78AAF8F8352ACB1883B9EF868
                                                                                                                                                                                                          SHA1:FD89079636571A93755120120AB4F03B91076478
                                                                                                                                                                                                          SHA-256:179C3204312D7CF8032102773629BCB3E5FFF792D1D808931CB6619A431D2435
                                                                                                                                                                                                          SHA-512:13AF1F2C118E898E6055CA61286C9766DF75366FF4F30708F613193CD8F89AFC4A4CC2FD31FC3AC6DCE5D577EE83E203F79ACA3B739D9D9E9E60B42CD9C7036E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_DIRECT.#define _INC_DIRECT..#include <_mingw.h>.#include <io.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _DISKFREE_T_DEFINED.#define _DISKFREE_T_DEFINED. struct _diskfree_t {. unsigned total_clusters;. unsigned avail_clusters;. unsigned sectors_per_cluster;. unsigned bytes_per_sector;. };.#endif.. _CRTIMP char *__cdecl _getcwd(char *_DstBuf,int _SizeInBytes);. _CRTIMP char *__cdecl _getdcwd(int _Drive,char *_DstBuf,int _SizeInBytes);. char *__cdecl _getdcwd_nolock(int _Drive,char *_DstBuf,int _SizeInBytes);. _CRTIMP int __cdecl _chdir(const char *_Path);. _CRTIMP int __cdecl _mkdir(const char *_Path);. _CRTIMP int __cdecl _rmdir(const char *_Path);. _CRTIMP int __cdecl _chdrive(int _Drive);. _CRTIMP in
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):23077
                                                                                                                                                                                                          Entropy (8bit):5.0910424086795425
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:lpwI012C9/SKSP4qROW8JuWucZBFRzWhHONMLPik9OeY:lpq2C9/FA4OOJr
                                                                                                                                                                                                          MD5:631F16C4A65CF2F47FA49C9220D9C500
                                                                                                                                                                                                          SHA1:330EADF08FDCB31747BF7C84182F2A5EECFA3FAB
                                                                                                                                                                                                          SHA-256:0BC33882BD2AF1E7D33C38C0160E2A0AE737836815360765750CDC7E98E5DFC5
                                                                                                                                                                                                          SHA-512:92EB690CA7D563269CEAEFFAC1F0FFBA6D010568431843F2DD82DCA7A1ACA0E6634C3335202ED5559FE631B0ED7C585DC1C3F5BB248FE3D571BA754B22B6AD5A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _MATH_H_.#define _MATH_H_..#if __GNUC__ >= 3.#pragma GCC system_header.#endif..#include <_mingw.h>..struct exception;..#pragma pack(push,_CRT_PACKING)..#define _DOMAIN 1.#define _SING 2.#define _OVERFLOW 3.#define _UNDERFLOW 4.#define _TLOSS 5.#define _PLOSS 6..#ifndef __STRICT_ANSI__.#ifndef.NO_OLDNAMES.#define DOMAIN _DOMAIN.#define SING _SING.#define OVERFLOW _OVERFLOW.#define UNDERFLOW _UNDERFLOW.#define TLOSS _TLOSS.#define PLOSS _PLOSS.#endif.#endif..#ifndef __STRICT_ANSI__.#define M_E 2.71828182845904523536.#define M_LOG2E 1.44269504088896340736.#define M_LOG10E 0.434294481903251827651.#define M_LN2 0.693147180559945309417.#define M_LN10 2.30258509299404568402.#define M_PI 3.14159265358979323846.#define M_PI_2 1.57079632679489661923.#define M_PI_4 0.785398163397
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3339
                                                                                                                                                                                                          Entropy (8bit):4.737300914010111
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:GzyKQvcpqt7K7PnON+J3esAYUJ0q/nfB2Vt7K7qpdSVNsJ35sAYqJ0q/WaLcC:ayfv0ONgcKqvspkVNyh8q+UcC
                                                                                                                                                                                                          MD5:AFBE32EE6DED8CBAD33D6FE3FBBF077D
                                                                                                                                                                                                          SHA1:A7F0D3EDEE5F49E127575EB25E64E2747108E7C3
                                                                                                                                                                                                          SHA-256:88C1F767FDCD6D51B991EE3234792DA48C8576F5F8816F17A42344F9C8BBB1C1
                                                                                                                                                                                                          SHA-512:F655A40F8C87A0CB43A34AE47612D5CEF2CF7814FD2AE9CE1C8566F97F45E91470364BD87E8C12861CCE44FB8CCA54717546BAACC6CCBDACE51D0D15206304DD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* All the headers include this file. */.#include <_mingw.h>..#ifndef.__STRICT_ANSI__..#ifndef _DIRENT_H_.#define _DIRENT_H_...#pragma pack(push,_CRT_PACKING)..#include <io.h>..#ifndef RC_INVOKED..#ifdef __cplusplus.extern "C" {.#endif.. struct dirent. {. long..d_ino;../* Always zero. */. unsigned short.d_reclen;./* Always zero. */. unsigned short.d_namlen;./* Length of name in d_name. */. char*..d_name;../* File name. */. /* NOTE: The name in the dirent structure points to the name in the. * finddata_t structure in the DIR. */. };.. /*. * This is an internal data structure. Good programmers will not use it. * except as an argument to one of the functions below.. * dd_stat field is now int (was short in older versions).. */. typedef struct. {.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20426
                                                                                                                                                                                                          Entropy (8bit):5.091356495974476
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:X5I7a44IVaadf7trkr6vrRcbCGX8XnaTjWb5:Uvf7trkr6vrRHaTjWb5
                                                                                                                                                                                                          MD5:53D74BF044942015FEC4AFD293D2F9A8
                                                                                                                                                                                                          SHA1:010AB014E3B81B3A7E2D1D87FF0281A8736A4ABC
                                                                                                                                                                                                          SHA-256:5BBA095A2D22A6BC0670F73BFEBBA63CFEC65F8B7C248E84E36B3D7EDE0A4F3C
                                                                                                                                                                                                          SHA-512:64B66F0D610D37E6F55702130FAD39F39D30F44D33221C6A985CD03948968D4C4CAFB7676402A9A4A029C8539EFBFA5801C0D1BCBF667B876F3E7BB08F9BF89F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDLIB.#define _INC_STDLIB..#include <_mingw.h>.#include <limits.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#define EXIT_SUCCESS 0.#define EXIT_FAILURE 1..#ifndef _ONEXIT_T_DEFINED.#define _ONEXIT_T_DEFINED.. typedef int (__cdecl *_onexit_t)(void);..#ifndef NO_OLDNAMES.#define onexit_t _onexit_t.#endif.#endif..#ifndef _DIV_T_DEFINED.#define _DIV_T_DEFINED.. typedef struct _div_t {. int quot;. int rem;. } div_t;.. typedef struct _ldiv_t {. long quot;. long rem;. } ldiv_t;.#endif..#ifndef _CRT_DOUBLE_DEC.#define _CRT_DOUBLE_DEC..#pragma pack(4). typedef struct {. unsigned char ld[10];. } _LDOUBLE;.#pragma pack()..#defin
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1090
                                                                                                                                                                                                          Entropy (8bit):5.185707945606799
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:i2PSh0PDLDhTwNeehqAaZzTcvYRkvF76bUge/xXmy:GyDCHcOV6bULZv
                                                                                                                                                                                                          MD5:3B6FBC94238DF0FD001B04D55BC899DB
                                                                                                                                                                                                          SHA1:231E18CE6A5488B2353FB9EF052FD6677C2CF555
                                                                                                                                                                                                          SHA-256:3AFEA4AE85C68987FE59F40592AC5EA3EF1049B4FB72612BB185358D628E2DEC
                                                                                                                                                                                                          SHA-512:28BA3ED6CC9511F17798822FA81A2D16DA17CA4AF9DA64F3EDC9170FBB883801BF07390214C54B58A32251E6A1C3BB359CB76E892DDB77FBF8C1BF3985E13E5E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_DOS.#define _INC_DOS..#include <_mingw.h>.#include <io.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _DISKFREE_T_DEFINED.#define _DISKFREE_T_DEFINED.. struct _diskfree_t {. unsigned total_clusters;. unsigned avail_clusters;. unsigned sectors_per_cluster;. unsigned bytes_per_sector;. };.#endif..#define _A_NORMAL 0x00.#define _A_RDONLY 0x01.#define _A_HIDDEN 0x02.#define _A_SYSTEM 0x04.#define _A_SUBDIR 0x10.#define _A_ARCH 0x20..#ifndef _GETDISKFREE_DEFINED.#define _GETDISKFREE_DEFINED. _CRTIMP unsigned __cdecl _getdiskfree(unsigned _Drive,struct _diskfree_t *_DiskFree);.#endif..#if (defined(_X86_) && !defined(__x86_64)). void __cdecl _disable(void);. void __cdecl _enable(void);.#endif..#ifndef.NO_OLDNAMES.#de
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10222
                                                                                                                                                                                                          Entropy (8bit):5.118611530215232
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:cwxjJoLCBGnjq/Kn4aq3qvsbLJKr7nnJik1gngZxl9e7PpTGO+HT7R8AitqazIh5:cwzbLJyLnJ6O8PpTGOEiNzIhIbIXP3JF
                                                                                                                                                                                                          MD5:ACE688BCE0201B3B8BC3B7AF3CEC1BA7
                                                                                                                                                                                                          SHA1:7B967DE03772076207537292C4163994D4EAD095
                                                                                                                                                                                                          SHA-256:FACA8509C87FAE987A5E98CDC95171E036895037427D12930E2A83092D23FBB5
                                                                                                                                                                                                          SHA-512:A83753F6A1B82BCDFCF0B948C93F2E09A0A13105A112C161ABAD6DE84162DA67600CF5458FF51264DDC462077033DE3C8496E7B2251831871005D747AE58A24A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/* tccdefs.h.... Nothing is defined before this file except target machine, target os.. and the few things related to option settings in tccpp.c:tcc_predefs()..... This file is either included at runtime as is, or converted and.. included as C-strings at compile-time (depending on CONFIG_TCC_PREDEFS)..... Note that line indent matters:.... - in lines starting at column 1, platform macros are replaced by.. corresponding TCC target compile-time macros. See conftest.c for.. the list of platform macros supported in lines starting at column 1..... - only lines indented >= 4 are actually included into the executable,.. check tccdefs_.h...*/....#if __SIZEOF_POINTER__ == 4.. /* 32bit systems. */..#if defined TARGETOS_OpenBSD.. #define __SIZE_TYPE__ unsigned long.. #define __PTRDIFF_TYPE__ long..#else.. #define __SIZE_TYPE__ unsigned int.. #define __PTRDIFF_TYPE__ int..#endif.. #define __ILP32__ 1.. #define __INT64_TYPE__ long long..#el
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2686
                                                                                                                                                                                                          Entropy (8bit):5.279528518541247
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:GXFLawQcx1ZvUTc/5p3C8QcvAv1p3R0C8+Rve/KQ1i5/o4XqzOvQQHc8/Y:sn91ZgcrCkvQv0C8ksd4na
                                                                                                                                                                                                          MD5:21CE377183014C3535643C9050306A33
                                                                                                                                                                                                          SHA1:41B25206EDD6309884312FD70026096C35A6DBEB
                                                                                                                                                                                                          SHA-256:39C0761F0E43D7B936B9B81C85673DD82896EBFA66E9F1B9A19B45F34E4CD52A
                                                                                                                                                                                                          SHA-512:3B0FA5D6EBB7AC47694C7D04B4835AF6C089344F7F8337DB74B34E3B46A1792295224DC232FAC1FD0DB482FC32C8A6A4BFCAF4F39C35DCCD98600181C314B43D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#include <_mingw.h>..#ifndef _INC_LIMITS.#define _INC_LIMITS../*.* File system limits.*.* TODO: NAME_MAX and OPEN_MAX are file system limits or not? Are they the.* same as FILENAME_MAX and FOPEN_MAX from stdio.h?.* NOTE: Apparently the actual size of PATH_MAX is 260, but a space is.* required for the NUL. TODO: Test?.*/.#define PATH_MAX.(259)..#define CHAR_BIT 8.#define SCHAR_MIN (-128).#define SCHAR_MAX 127.#define UCHAR_MAX 0xff..#define CHAR_MIN SCHAR_MIN.#define CHAR_MAX SCHAR_MAX..#define MB_LEN_MAX 5.#define SHRT_MIN (-32768).#define SHRT_MAX 32767.#define USHRT_MAX 0xffff.#define INT_MIN (-2147483647 - 1).#define INT_MAX 2147483647.#define UINT_MAX 0xffffffff.#define LONG_MIN (-2147483647L - 1).#define LONG_MAX 2147483647L.#define ULONG_MAX 0xffffffffUL.#def
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1439
                                                                                                                                                                                                          Entropy (8bit):5.2295620824781714
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:i2PSh0PDaGduHH7PPW3ep0m3Vp0GrHt+5p0CKpmucLNw/HHsuHfgpbrRD:GRdm3emm3Vm+HOmCKmC1fgdp
                                                                                                                                                                                                          MD5:9C022D741996DB6D32411BFEF4EADB41
                                                                                                                                                                                                          SHA1:4BA93D77927EB8CFDCFE07F56D6EDADE180AF1DD
                                                                                                                                                                                                          SHA-256:3AB7EDEC5E55840C35BE252BAD52236955C3B4F9143810CDB1F09C34510EB8C4
                                                                                                                                                                                                          SHA-512:E448608BFECB770A087CB19934A1B45A5C564EA10BDF5A40BBB250F472830ECEE4990C669E90E495ECB5D4E48C3871CC2A33CE84F2D38524449FC9F5FD501DA0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef __ASSERT_H_.#define __ASSERT_H_..#include <_mingw.h>.#ifdef __cplusplus.#include <stdlib.h>.#endif..#ifdef NDEBUG.#ifndef assert.#define assert(_Expression) ((void)0).#endif.#else..#ifndef _CRT_TERMINATE_DEFINED.#define _CRT_TERMINATE_DEFINED. void __cdecl __MINGW_NOTHROW exit(int _Code) __MINGW_ATTRIB_NORETURN;. _CRTIMP void __cdecl __MINGW_NOTHROW _exit(int _Code) __MINGW_ATTRIB_NORETURN;.#if !defined __NO_ISOCEXT /* extern stub in static libmingwex.a */./* C99 function name */.void __cdecl _Exit(int) __MINGW_ATTRIB_NORETURN;.__CRT_INLINE __MINGW_ATTRIB_NORETURN void __cdecl _Exit(int status).{ _exit(status); }.#endif..#pragma push_macro("abort").#undef abort. void __cdecl __declspec(noreturn) abort(void);.#pragma pop_macro("abort")..#endif..#ifdef __cplusplus.ext
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4782
                                                                                                                                                                                                          Entropy (8bit):5.146949090032166
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:4+KnaNsLsNwnSTOXNXgXXXVX+1XPXmXIX6QXJX9XZXdwUSv:4+KA6O6XNXgXXXVXkXPXmXIXfXJX9XZK
                                                                                                                                                                                                          MD5:C238CFA11A44926BECD364AB35BFC821
                                                                                                                                                                                                          SHA1:54D68B8EF71D277BD5173E0AAC794D6EBDB00360
                                                                                                                                                                                                          SHA-256:E12D9C5BCBE4DFB96EA6C75410EA287917B3C24BFF9CD2E716D35E00C1D4906C
                                                                                                                                                                                                          SHA-512:C64F6A3B18D84C8498A2270E7152C4001D6D7EE1ACD04169F616A7808A05A02F34E2876BA0CB8D979AE75752109B50A65A66207C86FE936402BDA39AC93833C0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_WCTYPE.#define _INC_WCTYPE..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef _WCHAR_T_DEFINED. typedef unsigned short wchar_t;.#define _WCHAR_T_DEFINED.#endif..#ifndef _WCTYPE_T_DEFINED. typedef unsigned short wint_t;. typedef unsigned short wctype_t;.#define _WCTYPE_T_DEFINED.#endif..#ifndef WEOF.#define WEOF (wint_t)(0xFFFF).#endif..#ifndef _CRT_CTYPEDATA_DEFINED.#define _CRT_CTYPEDATA_DEFINED.#ifndef _CTYPE_DISABLE_MACROS..#ifndef __PCTYPE_FUNC.#define __PCTYPE_FUNC __pctype_func().#ifdef _MSVCRT_.#define __pctype_func() (_pctype).#else.#define __pctype_func() (*_imp___pctype).#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8590
                                                                                                                                                                                                          Entropy (8bit):4.845158903423087
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:9SahrQ/tJUaRaV/f7WtxfeiZDHy6U4diocGLIvHKLhfyW7Ja0+8:9sJlS6H
                                                                                                                                                                                                          MD5:7E3AC3220BF883DA2DB8CDC7B8100D0B
                                                                                                                                                                                                          SHA1:666E6F91306EF6412AE912FA386B3DECC6332AD5
                                                                                                                                                                                                          SHA-256:D5C02C22653784792EEFF04CC453467BA22C214D9ACE876127EAB5FCCCBCA762
                                                                                                                                                                                                          SHA-512:1E27E9E73C5D3FBEC7CE41CB3B5FD6615BACC416991321BCE22B599150902352CF60078CD447BBBBD49F3106254C5E88E3FB01CA7DE62DA9A4DEDB6FD60F9B7A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STRING.#define _INC_STRING..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _NLSCMP_DEFINED.#define _NLSCMP_DEFINED.#define _NLSCMPERROR 2147483647.#endif..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#define _WConst_return _CONST_RETURN..#ifndef _CRT_MEMORY_DEFINED.#define _CRT_MEMORY_DEFINED. _CRTIMP void *__cdecl _memccpy(void *_Dst,const void *_Src,int _Val,size_t _MaxCount);. _CONST_RETURN void *__cdecl memchr(const void *_Buf ,int _Val,size_t _MaxCount);. _CRTIMP int __cdecl _memicmp(const void *_Buf1,const void *_Buf2,size_t _Size);. _CRTIMP int __cdecl _memicmp_l(const void *_Buf1,const void *_Buf2,size_t _Size,_locale_t _Locale);. int __cdecl memcmp(const void *_Buf1,const void *_Bu
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13067
                                                                                                                                                                                                          Entropy (8bit):5.032337228232408
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:Y8Bx8BjP8BJPKf37Rw8z/hI9B3mpv6O3O8iONUO5OG0xLIJ8SNgVSAMczPO8cONU:r02oxz7vX+8fNxIG0S8SNgVxz28ZNU
                                                                                                                                                                                                          MD5:4AC0744EF16453FEBED8DE4242997946
                                                                                                                                                                                                          SHA1:B092C9006DE0A8DBE7F0FF568B6CAAFB00B4C90A
                                                                                                                                                                                                          SHA-256:5DA97C850E8E2AB608C42947A33411F556F6D75B8264E1E5CF29CA7BA7B96256
                                                                                                                                                                                                          SHA-512:1EC9947C6FE0160954F3922D6990863865D274874C31355F0838CCBB1BBF6650A9A3F0D3590537A189AFBF80E33CDE5393260FDD5F3EA5A736A066CDCC5FF815
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:./**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _IO_H_.#define _IO_H_..#include <_mingw.h>.#include <string.h>..#pragma pack(push,_CRT_PACKING)..#ifndef _POSIX_..#ifdef __cplusplus.extern "C" {.#endif.._CRTIMP char* __cdecl _getcwd (char*, int);.#ifndef _FSIZE_T_DEFINED. typedef unsigned long _fsize_t;.#define _FSIZE_T_DEFINED.#endif..#ifndef _FINDDATA_T_DEFINED.. struct _finddata32_t {. unsigned attrib;. __time32_t time_create;. __time32_t time_access;. __time32_t time_write;. _fsize_t size;. char name[260];. };../*#if _INTEGRAL_MAX_BITS >= 64*/.. struct _finddata32i64_t {. unsigned attrib;. __time32_t time_create;. __time32_t time_access;. __time32_t time_write;. __int64 size;. char name[260];. };.. struct _finddata64i32_t {. unsigned attrib;. __time64_t time_create
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1233
                                                                                                                                                                                                          Entropy (8bit):5.1075312514305296
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:i2PSh0PDYqsS6s1UzFf5wNaCmwN0PK0PQvYaH2l2X:GlS6s1k5wNaRwNt95H2U
                                                                                                                                                                                                          MD5:29F62B1ADD26DC1AED3FAAD03FAC030D
                                                                                                                                                                                                          SHA1:6F605B9A153A987F2939AE6500D6391FDC107332
                                                                                                                                                                                                          SHA-256:B4341E188913A819FA3BF101078A95CA077780219373F424C39AD86C94E04B6F
                                                                                                                                                                                                          SHA-512:3D98E9F039DDA694A660BA7D2F7906FCD60016DC6A8FED78CEB7B191618318A68D34169B9480BA5727730F6BD6357A13FD02E0CDCA5439A45E06D2F0D61DABE0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_MEMORY.#define _INC_MEMORY..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CONST_RETURN.#define _CONST_RETURN.#endif..#define _WConst_return _CONST_RETURN..#ifndef _CRT_MEMORY_DEFINED.#define _CRT_MEMORY_DEFINED. _CRTIMP void *__cdecl _memccpy(void *_Dst,const void *_Src,int _Val,size_t _MaxCount);. _CONST_RETURN void *__cdecl memchr(const void *_Buf ,int _Val,size_t _MaxCount);. _CRTIMP int __cdecl _memicmp(const void *_Buf1,const void *_Buf2,size_t _Size);. _CRTIMP int __cdecl _memicmp_l(const void *_Buf1,const void *_Buf2,size_t _Size,_locale_t _Locale);. int __cdecl memcmp(const void *_Buf1,const void *_Buf2,size_t _Size);. void *__cdecl memcpy(void *_Dst,const void *_Src,size_t _Size);. void *__cdecl memset(void *_Dst,int _Val,si
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9755
                                                                                                                                                                                                          Entropy (8bit):5.0535405224800884
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_CTYPE.#define _INC_CTYPE..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WEOF.#define WEOF (wint_t)(0xFFFF).#endif..#ifndef _CRT_CTYPEDATA_DEFINED.#define _CRT_CTYPEDATA_DEFINED.#ifndef _CTYPE_DISABLE_MACROS..#ifndef __PCTYPE_FUNC.#define __PCTYPE_FUNC __pctype_func().#ifdef _MSVCRT_.#define __pctype_func().(_pctype).#else.#define __pctype_func().(*_imp___pctype).#endif.#endif..#ifndef _pctype.#ifdef _MSVCRT_. extern unsigned short *_pctype;.#else. extern unsigned short **_imp___pctype;.#define _pctype (*_imp___pctype).#endif.#endif..#endif.#endif..#ifndef _CRT_WCTYPEDATA_DEFINED.#define _CRT_WCTYPEDATA_DEFINED.#ifndef _CTYPE_DISABLE_MACROS.#ifndef _wctype.#ifdef _MSVCRT_. extern unsigned short *_wctype;.#else. extern unsigned short **_im
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6333
                                                                                                                                                                                                          Entropy (8bit):5.377774221268906
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* ISO C9x 7.18 Integer types <stdint.h>. * Based on ISO/IEC SC22/WG14 9899 Committee draft (SC22 N2794). *. * THIS SOFTWARE IS NOT COPYRIGHTED. *. * Contributor: Danny Smith <danny_r_smith_2001@yahoo.co.nz>. *. * This source code is offered for use in the public domain. You may. * use, modify or distribute it freely.. *. * This code is distributed in the hope that it will be useful but. * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY. * DISCLAIMED. This includes but is not limited to warranties of. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.. *. * Date: 2000-12-02. */...#ifndef _STDINT_H.#define _STDINT_H..#include <_mingw.h>..#define __need_wint_t.#define __need_wchar_t.#include "stddef.h"..#ifndef __int8_t_defined.#define __int8_t
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14903
                                                                                                                                                                                                          Entropy (8bit):5.137879509844942
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDIO.#define _INC_STDIO..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#define BUFSIZ 512.#define _NFILE _NSTREAM_.#define _NSTREAM_ 512.#define _IOB_ENTRIES 20.#define EOF (-1)..#ifndef _FILE_DEFINED. struct _iobuf {. char *_ptr;. int _cnt;. char *_base;. int _flag;. int _file;. int _charbuf;. int _bufsiz;. char *_tmpfname;. };. typedef struct _iobuf FILE;.#define _FILE_DEFINED.#endif..#ifdef _POSIX_.#define _P_tmpdir "/".#define _wP_tmpdir L"/".#else.#define _P_tmpdir "\\".#define _wP_tmpdir L"\\".#endif..#define L_tmpnam (sizeof(_P_tmpdir) + 12)..#ifdef _POSIX_.#define L_ctermid 9.#define L_cuserid 32.#endif..#define SEEK_CUR 1.#define SEEK_END 2.#define SEEK_SET 0..#define STDIN_FILENO
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1269
                                                                                                                                                                                                          Entropy (8bit):5.067511244355359
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#include <_mingw.h>..#include <io.h>..#ifndef _INC_FCNTL.#define _INC_FCNTL..#define _O_RDONLY 0x0000.#define _O_WRONLY 0x0001.#define _O_RDWR 0x0002.#define _O_APPEND 0x0008.#define _O_CREAT 0x0100.#define _O_TRUNC 0x0200.#define _O_EXCL 0x0400.#define _O_TEXT 0x4000.#define _O_BINARY 0x8000.#define _O_WTEXT 0x10000.#define _O_U16TEXT 0x20000.#define _O_U8TEXT 0x40000.#define _O_ACCMODE (_O_RDONLY|_O_WRONLY|_O_RDWR)..#define _O_RAW _O_BINARY.#define _O_NOINHERIT 0x0080.#define _O_TEMPORARY 0x0040.#define _O_SHORT_LIVED 0x1000..#define _O_SEQUENTIAL 0x0020.#define _O_RANDOM 0x0010..#if !defined(NO_OLDNAMES) || defined(_POSIX).#define O_RDONLY _O_RDONLY.#define O_WRONLY _O_WRONLY.#define O_RDWR _O_RDWR.#define O_APPEND _O_APPEND.#define O_CREAT _O_CREAT.#define O_TRUNC _O_TRUNC
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11130
                                                                                                                                                                                                          Entropy (8bit):4.886603456377803
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_CONIO.#define _INC_CONIO..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP char *_cgets(char *_Buffer);. _CRTIMP int __cdecl _cprintf(const char *_Format,...);. _CRTIMP int __cdecl _cputs(const char *_Str);. _CRTIMP int __cdecl _cscanf(const char *_Format,...);. _CRTIMP int __cdecl _cscanf_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _getch(void);. _CRTIMP int __cdecl _getche(void);. _CRTIMP int __cdecl _vcprintf(const char *_Format,va_list _ArgList);. _CRTIMP int __cdecl _cprintf_p(const char *_Format,...);. _CRTIMP int __cdecl _vcprintf_p(const char *_Format,va_list _ArgList);. _CRTIMP int __cdecl _cprintf_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcprintf_l(const char *_Format,_loc
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):355
                                                                                                                                                                                                          Entropy (8bit):4.9174278150037285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _VARARGS_H.#define _VARARGS_H..#error "TinyCC no longer implements <varargs.h>.".#error "Revise your code to use <stdarg.h>."..#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6072
                                                                                                                                                                                                          Entropy (8bit):5.148919168403688
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* 7.8 Format conversion of integer types <inttypes.h> */..#ifndef _INTTYPES_H_.#define _INTTYPES_H_..#include <_mingw.h>.#include <stdint.h>.#define __need_wchar_t.#include <stddef.h>..#ifdef.__cplusplus.extern."C".{.#endif..typedef struct {..intmax_t quot;..intmax_t rem;..} imaxdiv_t;..#if !defined(__cplusplus) || defined(__STDC_FORMAT_MACROS)../* 7.8.1 Macros for format specifiers. * . * MS runtime does not yet understand C9x standard "ll". * length specifier. It appears to treat "ll" as "l".. * The non-standard I64 length specifier causes warning in GCC,. * but understood by MS runtime functions.. */../* fprintf macros for signed types */.#define PRId8 "d".#define PRId16 "d".#define PRId32 "d".#define PRId64 "I64d"..#define PRIdLEAST8 "d".#define PRIdLEAST16 "d".#define PR
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):31364
                                                                                                                                                                                                          Entropy (8bit):4.752286291497649
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#include <_mingw.h>..#ifndef _INC_TCHAR.#define _INC_TCHAR..#ifdef _STRSAFE_H_INCLUDED_.#error Need to include strsafe.h after tchar.h.#endif..#ifdef __cplusplus.extern "C" {.#endif..#define _ftcscat _tcscat.#define _ftcschr _tcschr.#define _ftcscpy _tcscpy.#define _ftcscspn _tcscspn.#define _ftcslen _tcslen.#define _ftcsncat _tcsncat.#define _ftcsncpy _tcsncpy.#define _ftcspbrk _tcspbrk.#define _ftcsrchr _tcsrchr.#define _ftcsspn _tcsspn.#define _ftcsstr _tcsstr.#define _ftcstok _tcstok..#define _ftcsdup _tcsdup.#define _ftcsnset _tcsnset.#define _ftcsrev _tcsrev.#define _ftcsset _tcsset..#define _ftcscmp _tcscmp.#define _ftcsicmp _tcsicmp.#define _ftcsnccmp _tcsnccmp.#define _ftcsncmp _tcsncmp.#define _ftcsncicmp _tcsncicmp.#define _ftcsnicmp _tcsnicmp..#define _ftcscoll _tc
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):304
                                                                                                                                                                                                          Entropy (8bit):4.976431807239841
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2n2ADbA96Iy/KTMk:UJJISFcShcFP+4BbHYPSN
                                                                                                                                                                                                          MD5:DDA4463DA15121ED7AD4F091FBF61DFF
                                                                                                                                                                                                          SHA1:84B4C4973306EF725C3F61446AB891CAC6AA66A4
                                                                                                                                                                                                          SHA-256:2E6AB359559319A11A80F8F52AA0472CD0B141137F3A1EAA18C40D8827DC51D4
                                                                                                                                                                                                          SHA-512:D3417CF7702A17F0F327CBAF8D167D7830A2955C19D553893329696CDF2312707595CF0F6DDAA36EA18D0CEA41F24E6FA9C15AC14D5BC567BC25A1CC81B733FE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_VADEFS.#define _INC_VADEFS..//!__TINYC__: GNUC specific stuff removed..#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9091
                                                                                                                                                                                                          Entropy (8bit):5.046593382105061
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:kVIYQ03tIPjxoNimr4mJ6hIO0XtcsQQ05vQTcsBOdFS3b6dyntql+:kVIYQ03tIPjxoNimr4mJ6hIOmcsQQ05E
                                                                                                                                                                                                          MD5:F06EDAF6AB750607C33C37BFE50B2EB2
                                                                                                                                                                                                          SHA1:CA3AFC7781760D84432B06567AFBDA24587757DD
                                                                                                                                                                                                          SHA-256:6947C954F2AF676E66CC38D64B1A165428734000E2E272F883C2D74A85B82020
                                                                                                                                                                                                          SHA-512:9926B19FBD4B30ECF6682AE5945401E4387D2B5CE02D7643B51C660462B761B08F52A99F2B7DA73B574C7BC6388CD23CA3ED8451A3CF2B3501AD217925A503EB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_PROCESS.#define _INC_PROCESS..#include <_mingw.h>../* Includes a definition of _pid_t and pid_t */.#include <sys/types.h>..#ifndef _POSIX_.#ifdef __cplusplus.extern "C" {.#endif..#define _P_WAIT 0.#define _P_NOWAIT 1.#define _OLD_P_OVERLAY 2.#define _P_NOWAITO 3.#define _P_DETACH 4.#define _P_OVERLAY 2..#define _WAIT_CHILD 0.#define _WAIT_GRANDCHILD 1.. _CRTIMP uintptr_t __cdecl _beginthread(void (__cdecl *_StartAddress) (void *),unsigned _StackSize,void *_ArgList);. _CRTIMP void __cdecl _endthread(void);. _CRTIMP uintptr_t __cdecl _beginthreadex(void *_Security,unsigned _StackSize,unsigned (__stdcall *_StartAddress) (void *),void *_ArgList,unsigned _InitFlag,unsigned *_ThrdAddr);. _CRTIMP void __cdecl _endthreadex(unsigned _Retval);..#ifndef _CRT_TERMINATE_DE
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):952
                                                                                                                                                                                                          Entropy (8bit):4.981227039868006
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:i2PSh0PDadJeDoxsClLEdPQq15Fo30wLwNOk60:GYo6XDQsLp
                                                                                                                                                                                                          MD5:EF5C7267DF270272BFA8F8EBD1B516F2
                                                                                                                                                                                                          SHA1:1E3F8A9AFD814EFA8CF7C88DC480E9914A5BC570
                                                                                                                                                                                                          SHA-256:84064B17E501D691C43D47E45B112C2884DB467417910B5FA1482B72342BADFB
                                                                                                                                                                                                          SHA-512:8CA2B0E08B66EAA843FC7AD0F8F4063450A469914819A637AA3F8CAC39DD38E32CC0403F2B04F767AE486934026585B56F93544C8A1F5D92CCE32CE84A4506F4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* . * dir.h. *. * This file OBSOLESCENT and only provided for backward compatibility.. * Please use io.h instead.. *. * This file is part of the Mingw32 package.. *. * Contributors:. * Created by Colin Peters <colin@bird.fu.is.saga-u.ac.jp>. * Mumit Khan <khan@xraylith.wisc.edu>. *. * THIS SOFTWARE IS NOT COPYRIGHTED. *. * This source code is offered for use in the public domain. You may. * use, modify or distribute it freely.. *. * This code is distributed in the hope that it will be useful but. * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY. * DISCLAIMED. This includes but is not limited to warranties of. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.. *. */..#include <io.h>..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3865
                                                                                                                                                                                                          Entropy (8bit):5.239566441223487
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:aOgQsLqPQLHbXTN6oYsNhd6vgAwFQCbTprO5BPPTeraG9n0WP/zgSRQh:aOgQO3hdE8KBPPTrGHU5
                                                                                                                                                                                                          MD5:DC2829239704CDD5A5109699666FA573
                                                                                                                                                                                                          SHA1:60C09E102F552444D59ED9ED474E667136C16DC0
                                                                                                                                                                                                          SHA-256:AB4BE7D34E7FA0E722F0948E0C90AD4D95B8A1EC649C2F186DFA387B57BE7833
                                                                                                                                                                                                          SHA-512:F3551AEF2A0FFE42A16F1A8BE26B2C2722E773A59D21B60B2454AB0B68B008402623F378D2AFAA30FEBA87F560475A52D2899E6D062BD7F88E22119B25231F17
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*. * _mingw.h. *. * This file is for TinyCC and not part of the Mingw32 package.. *. * THIS SOFTWARE IS NOT COPYRIGHTED. *. * This source code is offered for use in the public domain. You may. * use, modify or distribute it freely.. *. * This code is distributed in the hope that it will be useful but. * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY. * DISCLAIMED. This includes but is not limited to warranties of. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.. *. */..#ifndef __MINGW_H.#define __MINGW_H../* some winapi files define these before including _mingw.h --> */.#undef __cdecl.#undef _X86_.#undef WIN32./* <-- */..#include <stddef.h>.#include <stdarg.h>..#define __int8 char.#define __int16 short.#define __int32 int.#define __int64 long long.#define _HAVE_INT64..#define __cdecl.#define __declspec(x) __attribute__((x)).#define __unaligned __attribute__((packed)).#define __fastcall __attribute__((fastcall))..#define __MSVCRT__ 1.#undef _MSVCRT_
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):164
                                                                                                                                                                                                          Entropy (8bit):4.396200340591225
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:YRTvF08wB32DsxQGG+TSERKR9BeCTSERKRIHTSERKR7LsyodP1XGZovVOMD:oF08iGDsx9TSEIToCTSEIcTSEIVun4yJ
                                                                                                                                                                                                          MD5:623F15DB2D9075E9DE1E1E5217854933
                                                                                                                                                                                                          SHA1:247EBCAA4F74507EDC5E06E2382378561E67027E
                                                                                                                                                                                                          SHA-256:2C63CD52CD589A204C8E5F75B9179FD520BE1A0770A698303526BE4069613E3B
                                                                                                                                                                                                          SHA-512:34555DF799E9F54EFDFF3BE4498CF20565935A0D5A116D030475042E3BD1CEA9F949A8CC4D9DD5C320FD528879B6221CA70CA0B9068C1AC6381B55C4756D92C4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#ifndef celib_h..#define celib_h....typedef struct _cecs..{.. volatile int locked;.. volatile int threadif;.. volatile int lockcount; ..} cecs, *Pcecs;....#endif
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):34132
                                                                                                                                                                                                          Entropy (8bit):5.065285191271868
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:2186Orc7LIJ8SNgVx6eG17k8MGOHlE4eGP0+aILsGQ86jWIwF2iiEYbS:2IcE8SNgVx61JC6jry2E
                                                                                                                                                                                                          MD5:D6B25F8E3068967751493431B36C4248
                                                                                                                                                                                                          SHA1:3145ED71F286525D1FF492AE920B30694123259E
                                                                                                                                                                                                          SHA-256:C9BF12E02A2AB0783ED1C66DFE43DE43C402B33906CADA9B1157502A82C7C3E4
                                                                                                                                                                                                          SHA-512:02A480389CECC909978130585609F57D03728726E72E5FEE89874ACCA4122D971D74FC615949F8675513EDCFE3198201AD0118F795B147C6FCA10D28E8856645
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_WCHAR.#define _INC_WCHAR..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WCHAR_MIN /* also at stdint.h */.#define WCHAR_MIN 0.#define WCHAR_MAX ((wchar_t) -1) /* UINT16_MAX */.#endif..#ifndef __GNUC_VA_LIST.#define __GNUC_VA_LIST. typedef __builtin_va_list __gnuc_va_list;.#endif..#ifndef _VA_LIST_DEFINED.#define _VA_LIST_DEFINED. typedef __gnuc_va_list va_list;.#endif..#ifndef WEOF.#define WEOF (wint_t)(0xFFFF).#endif..#ifndef _FILE_DEFINED. struct _iobuf {. char *_ptr;. int _cnt;. char *_base;. int _flag;. int _file;. int _charbuf;. int _bufsiz;. char *_tmpfname;. };. typedef struct _iobuf FILE;.#define _FILE_DEFINED.#endif..#ifndef _STDIO_DEFINED.#ifdef _WIN64. _CRTIMP FILE *__
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):176
                                                                                                                                                                                                          Entropy (8bit):4.607652660491414
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:YDC60AhCWNRSh4Hf9OKhW70rAcM05eB70AUrEtvQ7DM0zU2kx4Cv:mp0AnRoCkKu0McM0sF0AUn7f4Tv
                                                                                                                                                                                                          MD5:7D294F4EC2C9640974803A61153EF3DD
                                                                                                                                                                                                          SHA1:3BC244518F863B754A97CA1B756580974C0D4356
                                                                                                                                                                                                          SHA-256:5252824225DDC486B0460677F765E4157AF5D3ED7ACD65B310A4045EAFB56AF7
                                                                                                                                                                                                          SHA-512:FF09177DCD695A185D66AFA8405EB7BF0883D4C1E6507F00A12CD958562E2F0444867F6DABDEE6E50CD5977897E4D878F31CB51888BA6878829C96CBF80FB283
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#ifndef _STDBOOL_H.#define _STDBOOL_H../* ISOC99 boolean */..#define bool._Bool.#define true.1.#define false.0.#define __bool_true_false_are_defined 1..#endif /* _STDBOOL_H */.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3146
                                                                                                                                                                                                          Entropy (8bit):5.109358717547865
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:GjF4XfZlIPU0rBLeGwDO0QZFxI2bMCaZSpEhW8bxv:CivoPU0rBLeRDO0QfxI2YCaZZhNl
                                                                                                                                                                                                          MD5:DEEC7C35F77EC8E22074667641CA8851
                                                                                                                                                                                                          SHA1:8CCE6B663A9A04B3C13AA6621B0798E487A8A88E
                                                                                                                                                                                                          SHA-256:67A827ACF4E09653AFB5D18F2ECAA5FCDFB7471D8A5B8197C2F33D06E8462F84
                                                                                                                                                                                                          SHA-512:8DE2B82B0579E6C37546A26BC1AB5D7603090E815D8CE728474B1405339AB4EF4F0794DF19FF4CC3780AA7259288D4D93FD50B0E9C63D413FF22AD5E72BFCBE5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _FENV_H_.#define _FENV_H_..#include <_mingw.h>../* FPU status word exception flags */.#define FE_INVALID.0x01.#define FE_DENORMAL.0x02.#define FE_DIVBYZERO.0x04.#define FE_OVERFLOW.0x08.#define FE_UNDERFLOW.0x10.#define FE_INEXACT.0x20.#define FE_ALL_EXCEPT (FE_INVALID | FE_DENORMAL | FE_DIVBYZERO \... | FE_OVERFLOW | FE_UNDERFLOW | FE_INEXACT)../* FPU control word rounding flags */.#define FE_TONEAREST.0x0000.#define FE_DOWNWARD.0x0400.#define FE_UPWARD.0x0800.#define FE_TOWARDZERO.0x0c00../* The MXCSR exception flags are the same as the. FE flags. */.#define __MXCSR_EXCEPT_FLAG_SHIFT 0../* How much to shift FE status word exception flags. to get MXCSR rounding flags, */.#define __MXCSR_ROUND_FLAG_SHIFT 3..#ifndef RC_INVOKED./*. For now, support only for t
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1410
                                                                                                                                                                                                          Entropy (8bit):5.11838654592129
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_ERRNO.#define _INC_ERRNO..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRT_ERRNO_DEFINED.#define _CRT_ERRNO_DEFINED. _CRTIMP extern int *__cdecl _errno(void);.#define errno (*_errno()).. errno_t __cdecl _set_errno(int _Value);. errno_t __cdecl _get_errno(int *_Value);.#endif..#define EPERM 1.#define ENOENT 2.#define ESRCH 3.#define EINTR 4.#define EIO 5.#define ENXIO 6.#define E2BIG 7.#define ENOEXEC 8.#define EBADF 9.#define ECHILD 10.#define EAGAIN 11.#define ENOMEM 12.#define EACCES 13.#define EFAULT 14.#define EBUSY 16.#define EEXIST 17.#define EXDEV 18.#define ENODEV 19.#define ENOTDIR 20.#define EISDIR 21.#define ENFILE 23.#define EMFILE 24.#define ENOTTY 25.#define EFBIG 27.#define ENOSPC 28.#define ESPIPE 29.#define EROFS 30.#de
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1402
                                                                                                                                                                                                          Entropy (8bit):4.8724440555000506
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#ifndef _STDDEF_H.#define _STDDEF_H..typedef __SIZE_TYPE__ size_t;.typedef __PTRDIFF_TYPE__ ssize_t;.typedef __WCHAR_TYPE__ wchar_t;.typedef __PTRDIFF_TYPE__ ptrdiff_t;.typedef __PTRDIFF_TYPE__ intptr_t;.typedef __SIZE_TYPE__ uintptr_t;..#ifndef __int8_t_defined.#define __int8_t_defined.typedef signed char int8_t;.typedef signed short int int16_t;.typedef signed int int32_t;.#ifdef __LP64__.typedef signed long int int64_t;.#else.typedef signed long long int int64_t;.#endif.typedef unsigned char uint8_t;.typedef unsigned short int uint16_t;.typedef unsigned int uint32_t;.#ifdef __LP64__.typedef unsigned long int uint64_t;.#else.typedef unsigned long long int uint64_t;.#endif.#endif..#ifndef NULL.#define NULL ((void*)0).#endif..#define offsetof(type, field) ((size_t)&((type *)0)->field)..void *alloca(size_t size);..#endif../* Older glibc require a wint_t from <stddef.h> (when requested. by __need_wint_t, as otherwise stddef.h isn't allowed to. define this type). Note that this must
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5214
                                                                                                                                                                                                          Entropy (8bit):5.2821319558661655
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _MALLOC_H_.#define _MALLOC_H_..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifndef _MM_MALLOC_H_INCLUDED.#define _MM_MALLOC_H_INCLUDED.#endif..#ifdef __cplusplus.extern "C" {.#endif..#ifdef _WIN64.#define _HEAP_MAXREQ 0xFFFFFFFFFFFFFFE0.#else.#define _HEAP_MAXREQ 0xFFFFFFE0.#endif..#ifndef _STATIC_ASSERT.#define _STATIC_ASSERT(expr) extern void __static_assert_t(int [(expr)?1:-1]).#endif../* Return codes for _heapwalk() */.#define _HEAPEMPTY (-1).#define _HEAPOK (-2).#define _HEAPBADBEGIN (-3).#define _HEAPBADNODE (-4).#define _HEAPEND (-5).#define _HEAPBADPTR (-6)../* Values for _heapinfo.useflag */.#define _FREEENTRY 0.#define _USEDENTRY 1..#ifndef _HEAPINFO_DEFINED.#define _HEAPINFO_DEFINED. /* The structure used to walk through the heap with _heapwalk.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3867
                                                                                                                                                                                                          Entropy (8bit):5.235190435579294
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SETJMP.#define _INC_SETJMP..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#if (defined(_X86_) && !defined(__x86_64))..#define _JBLEN 16.#define _JBTYPE int.. typedef struct __JUMP_BUFFER {. unsigned long Ebp;. unsigned long Ebx;. unsigned long Edi;. unsigned long Esi;. unsigned long Esp;. unsigned long Eip;. unsigned long Registration;. unsigned long TryLevel;. unsigned long Cookie;. unsigned long UnwindFunc;. unsigned long UnwindData[6];. } _JUMP_BUFFER;.#elif defined(__ia64__). typedef _CRT_ALIGN(16) struct _SETJMP_FLOAT128 {. __int64 LowPart;. __int64 HighPart;. } SETJMP_FLOAT128;..#define _JBLEN 33. typedef SETJMP_FLOAT128 _JBTYPE;.. typedef struct __JUMP_BUFFER {..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1583
                                                                                                                                                                                                          Entropy (8bit):5.223946000134317
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SIGNAL.#define _INC_SIGNAL..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _SIG_ATOMIC_T_DEFINED.#define _SIG_ATOMIC_T_DEFINED. typedef int sig_atomic_t;.#endif..#define NSIG 23..#define.SIGHUP.1./* hangup */.#define SIGINT 2.#define.SIGQUIT.3./* quit */.#define SIGILL 4.#define.SIGTRAP.5./* trace trap (not reset when caught) */.#define.SIGIOT.6./* IOT instruction */.#define.SIGABRT 6./* used by abort, replace SIGIOT in the future */.#define.SIGEMT.7./* EMT instruction */.#define SIGFPE 8.#define.SIGKILL.9./* kill (cannot be caught or ignored) */.#define.SIGBUS.10./* bus error */.#define SIGSEGV 11.#define.SIGSYS.12./* bad argument to system call */.#define.SIGPIPE.13./* write on a pipe with no one to read it */.#ifdef __USE_MINGW_ALARM.#def
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2135
                                                                                                                                                                                                          Entropy (8bit):5.113182765405398
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_LOCALE.#define _INC_LOCALE..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#define LC_ALL 0.#define LC_COLLATE 1.#define LC_CTYPE 2.#define LC_MONETARY 3.#define LC_NUMERIC 4.#define LC_TIME 5..#define LC_MIN LC_ALL.#define LC_MAX LC_TIME..#ifndef _LCONV_DEFINED.#define _LCONV_DEFINED. struct lconv {. char *decimal_point;. char *thousands_sep;. char *grouping;. char *int_curr_symbol;. char *currency_symbol;. char *mon_decimal_point;. char *mon_thousands_sep;. char *mon_grouping;. char *positive_sign;. char *negative_sign;. char int_frac_digits;. char frac_digits;. char p_cs_precedes;.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3796
                                                                                                                                                                                                          Entropy (8bit):5.3190944253059405
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_EXCPT.#define _INC_EXCPT..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif.. struct _EXCEPTION_POINTERS;..#ifndef EXCEPTION_DISPOSITION.#define EXCEPTION_DISPOSITION int.#endif.#define ExceptionContinueExecution 0.#define ExceptionContinueSearch 1.#define ExceptionNestedException 2.#define ExceptionCollidedUnwind 3..#if (defined(_X86_) && !defined(__x86_64)). struct _EXCEPTION_RECORD;. struct _CONTEXT;.. EXCEPTION_DISPOSITION __cdecl _except_handler(struct _EXCEPTION_RECORD *_ExceptionRecord,void *_EstablisherFrame,struct _CONTEXT *_ContextRecord,void *_DispatcherContext);.#elif defined(__ia64__).. typedef struct _EXCEPTION_POINTERS *Exception_info_ptr;. struct _EXCEPTION_RECORD;. struct _CONTEXT;. struct _DISP
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2686
                                                                                                                                                                                                          Entropy (8bit):5.279528518541247
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:GXFLawQcx1ZvUTc/5p3C8QcvAv1p3R0C8+Rve/KQ1i5/o4XqzOvQQHc8/Y:sn91ZgcrCkvQv0C8ksd4na
                                                                                                                                                                                                          MD5:21CE377183014C3535643C9050306A33
                                                                                                                                                                                                          SHA1:41B25206EDD6309884312FD70026096C35A6DBEB
                                                                                                                                                                                                          SHA-256:39C0761F0E43D7B936B9B81C85673DD82896EBFA66E9F1B9A19B45F34E4CD52A
                                                                                                                                                                                                          SHA-512:3B0FA5D6EBB7AC47694C7D04B4835AF6C089344F7F8337DB74B34E3B46A1792295224DC232FAC1FD0DB482FC32C8A6A4BFCAF4F39C35DCCD98600181C314B43D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#include <_mingw.h>..#ifndef _INC_LIMITS.#define _INC_LIMITS../*.* File system limits.*.* TODO: NAME_MAX and OPEN_MAX are file system limits or not? Are they the.* same as FILENAME_MAX and FOPEN_MAX from stdio.h?.* NOTE: Apparently the actual size of PATH_MAX is 260, but a space is.* required for the NUL. TODO: Test?.*/.#define PATH_MAX.(259)..#define CHAR_BIT 8.#define SCHAR_MIN (-128).#define SCHAR_MAX 127.#define UCHAR_MAX 0xff..#define CHAR_MIN SCHAR_MIN.#define CHAR_MAX SCHAR_MAX..#define MB_LEN_MAX 5.#define SHRT_MIN (-32768).#define SHRT_MAX 32767.#define USHRT_MAX 0xffff.#define INT_MIN (-2147483647 - 1).#define INT_MAX 2147483647.#define UINT_MAX 0xffffffff.#define LONG_MIN (-2147483647L - 1).#define LONG_MAX 2147483647L.#define ULONG_MAX 0xffffffffUL.#def
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2135
                                                                                                                                                                                                          Entropy (8bit):5.113182765405398
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:GXWM0CJUOsxXX0MLOMMMRgusuLZum+3Pw+8yFGX7Mu1LkuLS91uuHeLWv:35TW/Vf5FS7Mu1IuLium6Wv
                                                                                                                                                                                                          MD5:5F6A3E42F8EB297B888B498D93437C3C
                                                                                                                                                                                                          SHA1:09729D7892A1ED36AFADDEC40674ACEB62B5FA88
                                                                                                                                                                                                          SHA-256:882626FA25DBC1B5903E6FD98CC8516F1E54C4E06945026653F05B38125DFF2C
                                                                                                                                                                                                          SHA-512:587BB7BE57DDA7DB0BF8C454A78DD67D850342D97BC7C99A9804D53FA7929EB42C1194E13456170C0902CA7A15C028A6C635879889F0AF6A9ED833C2E046B9EC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_LOCALE.#define _INC_LOCALE..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#define LC_ALL 0.#define LC_COLLATE 1.#define LC_CTYPE 2.#define LC_MONETARY 3.#define LC_NUMERIC 4.#define LC_TIME 5..#define LC_MIN LC_ALL.#define LC_MAX LC_TIME..#ifndef _LCONV_DEFINED.#define _LCONV_DEFINED. struct lconv {. char *decimal_point;. char *thousands_sep;. char *grouping;. char *int_curr_symbol;. char *currency_symbol;. char *mon_decimal_point;. char *mon_thousands_sep;. char *mon_grouping;. char *positive_sign;. char *negative_sign;. char int_frac_digits;. char frac_digits;. char p_cs_precedes;.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5214
                                                                                                                                                                                                          Entropy (8bit):5.2821319558661655
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:y4bSZjA6r8VdQINtNy6XVqB4/mLErYQ015U/dIuvwQRbZBq35jU:9urrSXIzGdIuvwQR9YJo
                                                                                                                                                                                                          MD5:537BC027E86F7252D88B6BF2FE5B2F35
                                                                                                                                                                                                          SHA1:7F3361D220F96AD1B93669254937929F267CC333
                                                                                                                                                                                                          SHA-256:7307FF330B8D7954D548E19E45887ED64DE36DA5BEE1FDA2CC021F0C1C1892BD
                                                                                                                                                                                                          SHA-512:3D7693F46FE1272DECBA8EFB6A01853786419055CF338CC900C9FE3EC1B795BA25E16878A5D53261BF3BC3BAB7525110B6F1844501D5FB6BE45C57B5D277F625
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _MALLOC_H_.#define _MALLOC_H_..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifndef _MM_MALLOC_H_INCLUDED.#define _MM_MALLOC_H_INCLUDED.#endif..#ifdef __cplusplus.extern "C" {.#endif..#ifdef _WIN64.#define _HEAP_MAXREQ 0xFFFFFFFFFFFFFFE0.#else.#define _HEAP_MAXREQ 0xFFFFFFE0.#endif..#ifndef _STATIC_ASSERT.#define _STATIC_ASSERT(expr) extern void __static_assert_t(int [(expr)?1:-1]).#endif../* Return codes for _heapwalk() */.#define _HEAPEMPTY (-1).#define _HEAPOK (-2).#define _HEAPBADBEGIN (-3).#define _HEAPBADNODE (-4).#define _HEAPEND (-5).#define _HEAPBADPTR (-6)../* Values for _heapinfo.useflag */.#define _FREEENTRY 0.#define _USEDENTRY 1..#ifndef _HEAPINFO_DEFINED.#define _HEAPINFO_DEFINED. /* The structure used to walk through the heap with _heapwalk.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):23077
                                                                                                                                                                                                          Entropy (8bit):5.0910424086795425
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:lpwI012C9/SKSP4qROW8JuWucZBFRzWhHONMLPik9OeY:lpq2C9/FA4OOJr
                                                                                                                                                                                                          MD5:631F16C4A65CF2F47FA49C9220D9C500
                                                                                                                                                                                                          SHA1:330EADF08FDCB31747BF7C84182F2A5EECFA3FAB
                                                                                                                                                                                                          SHA-256:0BC33882BD2AF1E7D33C38C0160E2A0AE737836815360765750CDC7E98E5DFC5
                                                                                                                                                                                                          SHA-512:92EB690CA7D563269CEAEFFAC1F0FFBA6D010568431843F2DD82DCA7A1ACA0E6634C3335202ED5559FE631B0ED7C585DC1C3F5BB248FE3D571BA754B22B6AD5A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _MATH_H_.#define _MATH_H_..#if __GNUC__ >= 3.#pragma GCC system_header.#endif..#include <_mingw.h>..struct exception;..#pragma pack(push,_CRT_PACKING)..#define _DOMAIN 1.#define _SING 2.#define _OVERFLOW 3.#define _UNDERFLOW 4.#define _TLOSS 5.#define _PLOSS 6..#ifndef __STRICT_ANSI__.#ifndef.NO_OLDNAMES.#define DOMAIN _DOMAIN.#define SING _SING.#define OVERFLOW _OVERFLOW.#define UNDERFLOW _UNDERFLOW.#define TLOSS _TLOSS.#define PLOSS _PLOSS.#endif.#endif..#ifndef __STRICT_ANSI__.#define M_E 2.71828182845904523536.#define M_LOG2E 1.44269504088896340736.#define M_LOG10E 0.434294481903251827651.#define M_LN2 0.693147180559945309417.#define M_LN10 2.30258509299404568402.#define M_PI 3.14159265358979323846.#define M_PI_2 1.57079632679489661923.#define M_PI_4 0.785398163397
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):345
                                                                                                                                                                                                          Entropy (8bit):4.819819315483337
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r7SFlLClXF1qTVSEDbA1CAAqC:UJJISFcShcFP+4B7SFRClV1qDD8CAAqC
                                                                                                                                                                                                          MD5:534517144E5B9ED662526771BB5D7E13
                                                                                                                                                                                                          SHA1:2D1801E4179E2A6E5914764D944A9C472BF65E99
                                                                                                                                                                                                          SHA-256:43956946AEFEE50E01FDD4D54A6C597418ABCB02251F9D7695ED7039FD7A5FF6
                                                                                                                                                                                                          SHA-512:533F30D3288C2B827D29210C6890D600678DB4F67B9FFAB27046E5CA3931BC119DE4AF93FFA63929DCD9D7C0BABD69A25E7F52E697272F3226ED198C93A9A8CD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./*. * This file is part of the Mingw32 package.. *. * mem.h maps to string.h. */.#ifndef.__STRICT_ANSI__.#include <string.h>.#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1233
                                                                                                                                                                                                          Entropy (8bit):5.1075312514305296
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:i2PSh0PDYqsS6s1UzFf5wNaCmwN0PK0PQvYaH2l2X:GlS6s1k5wNaRwNt95H2U
                                                                                                                                                                                                          MD5:29F62B1ADD26DC1AED3FAAD03FAC030D
                                                                                                                                                                                                          SHA1:6F605B9A153A987F2939AE6500D6391FDC107332
                                                                                                                                                                                                          SHA-256:B4341E188913A819FA3BF101078A95CA077780219373F424C39AD86C94E04B6F
                                                                                                                                                                                                          SHA-512:3D98E9F039DDA694A660BA7D2F7906FCD60016DC6A8FED78CEB7B191618318A68D34169B9480BA5727730F6BD6357A13FD02E0CDCA5439A45E06D2F0D61DABE0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_MEMORY.#define _INC_MEMORY..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CONST_RETURN.#define _CONST_RETURN.#endif..#define _WConst_return _CONST_RETURN..#ifndef _CRT_MEMORY_DEFINED.#define _CRT_MEMORY_DEFINED. _CRTIMP void *__cdecl _memccpy(void *_Dst,const void *_Src,int _Val,size_t _MaxCount);. _CONST_RETURN void *__cdecl memchr(const void *_Buf ,int _Val,size_t _MaxCount);. _CRTIMP int __cdecl _memicmp(const void *_Buf1,const void *_Buf2,size_t _Size);. _CRTIMP int __cdecl _memicmp_l(const void *_Buf1,const void *_Buf2,size_t _Size,_locale_t _Locale);. int __cdecl memcmp(const void *_Buf1,const void *_Buf2,size_t _Size);. void *__cdecl memcpy(void *_Dst,const void *_Src,size_t _Size);. void *__cdecl memset(void *_Dst,int _Val,si
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9091
                                                                                                                                                                                                          Entropy (8bit):5.046593382105061
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:kVIYQ03tIPjxoNimr4mJ6hIO0XtcsQQ05vQTcsBOdFS3b6dyntql+:kVIYQ03tIPjxoNimr4mJ6hIOmcsQQ05E
                                                                                                                                                                                                          MD5:F06EDAF6AB750607C33C37BFE50B2EB2
                                                                                                                                                                                                          SHA1:CA3AFC7781760D84432B06567AFBDA24587757DD
                                                                                                                                                                                                          SHA-256:6947C954F2AF676E66CC38D64B1A165428734000E2E272F883C2D74A85B82020
                                                                                                                                                                                                          SHA-512:9926B19FBD4B30ECF6682AE5945401E4387D2B5CE02D7643B51C660462B761B08F52A99F2B7DA73B574C7BC6388CD23CA3ED8451A3CF2B3501AD217925A503EB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_PROCESS.#define _INC_PROCESS..#include <_mingw.h>../* Includes a definition of _pid_t and pid_t */.#include <sys/types.h>..#ifndef _POSIX_.#ifdef __cplusplus.extern "C" {.#endif..#define _P_WAIT 0.#define _P_NOWAIT 1.#define _OLD_P_OVERLAY 2.#define _P_NOWAITO 3.#define _P_DETACH 4.#define _P_OVERLAY 2..#define _WAIT_CHILD 0.#define _WAIT_GRANDCHILD 1.. _CRTIMP uintptr_t __cdecl _beginthread(void (__cdecl *_StartAddress) (void *),unsigned _StackSize,void *_ArgList);. _CRTIMP void __cdecl _endthread(void);. _CRTIMP uintptr_t __cdecl _beginthreadex(void *_Security,unsigned _StackSize,unsigned (__stdcall *_StartAddress) (void *),void *_ArgList,unsigned _InitFlag,unsigned *_ThrdAddr);. _CRTIMP void __cdecl _endthreadex(unsigned _Retval);..#ifndef _CRT_TERMINATE_DE
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1535
                                                                                                                                                                                                          Entropy (8bit):5.005173947475632
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:i2PSh0PDp5BUXLjIT0Cn0jIn0jQsY0eq0DY0PdMR0Mk3Z0ln0ln0fKY0xq0CY0u+:G4X+j41n8In8QsYbqgYKd00x+nknmKY1
                                                                                                                                                                                                          MD5:5BC78AA26AF6CE836F322CD5A432E368
                                                                                                                                                                                                          SHA1:1E99298161F0ADB4F7244EB5A067364DC5B47E91
                                                                                                                                                                                                          SHA-256:F7375E816739491FBAB39531C1D60A77B78FF9A162ABA17F817C773BF75F6508
                                                                                                                                                                                                          SHA-512:F1BFD5EF34A97E72EC474B2A2FECF4AC5FA1931E08845489623A7C699954B549FEDE1E4F93C815C0A9944A7D79601A9ED1342D47694528DAB54ADEAA5BBAB443
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */..#ifndef _INC_CONIO_S.#define _INC_CONIO_S..#include <conio.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _cgets_s(char *_Buffer,size_t _Size,size_t *_SizeRead);. _CRTIMP int __cdecl _cprintf_s(const char *_Format,...);. _CRTIMP int __cdecl _cscanf_s(const char *_Format,...);. _CRTIMP int __cdecl _cscanf_s_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcprintf_s(const char *_Format,va_list _ArgList);. _CRTIMP int __cdecl _cprintf_s_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcprintf_s_l(const char *_Format,_locale_t _Locale,va_list _ArgList);..#ifndef _WCONIO_DEFINED_S.#define _WCONIO_DEFINED_S. _CRTIMP errno_t __cdecl _cgetws_s(wchar_t *_Buffer,size_t _SizeInWords,
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):461
                                                                                                                                                                                                          Entropy (8bit):5.161018019410615
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */..#ifndef _INC_CRTDBG_S.#define _INC_CRTDBG_S..#include <crtdbg.h>..#if defined(MINGW_HAS_SECURE_API)..#define _dupenv_s_dbg(ps1,size,s2,t,f,l) _dupenv_s(ps1,size,s2).#define _wdupenv_s_dbg(ps1,size,s2,t,f,l) _wdupenv_s(ps1,size,s2)..#endif..#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):881
                                                                                                                                                                                                          Entropy (8bit):5.049800224685949
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_IO_S.#define _INC_IO_S..#include <io.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _access_s(const char *_Filename,int _AccessMode);. _CRTIMP errno_t __cdecl _chsize_s(int _FileHandle,__int64 _Size);. _CRTIMP errno_t __cdecl _mktemp_s(char *_TemplateName,size_t _Size);. _CRTIMP errno_t __cdecl _umask_s(int _NewMode,int *_OldMode);..#ifndef _WIO_S_DEFINED.#define _WIO_S_DEFINED. _CRTIMP errno_t __cdecl _waccess_s(const wchar_t *_Filename,int _AccessMode);. _CRTIMP errno_t __cdecl _wmktemp_s(wchar_t *_TemplateName,size_t _SizeInWords);.#endif..#ifdef __cplusplus.}.#endif..#endif.#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4113
                                                                                                                                                                                                          Entropy (8bit):5.025747893872523
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDLIB_S.#define _INC_STDLIB_S..#include <stdlib.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _dupenv_s(char **_PBuffer,size_t *_PBufferSizeInBytes,const char *_VarName);. _CRTIMP errno_t __cdecl _itoa_s(int _Value,char *_DstBuf,size_t _Size,int _Radix);.#if _INTEGRAL_MAX_BITS >= 64. _CRTIMP errno_t __cdecl _i64toa_s(__int64 _Val,char *_DstBuf,size_t _Size,int _Radix);. _CRTIMP errno_t __cdecl _ui64toa_s(unsigned __int64 _Val,char *_DstBuf,size_t _Size,int _Radix);.#endif. _CRTIMP errno_t __cdecl _ltoa_s(long _Val,char *_DstBuf,size_t _Size,int _Radix);. _CRTIMP errno_t __cdecl mbstowcs_s(size_t *_PtNumOfCharConverted,wchar_t *_DstBuf,size_t _SizeInWords,const char *_SrcBuf,size_t _MaxCount);. _CRTI
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1787
                                                                                                                                                                                                          Entropy (8bit):4.917564903414643
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STRING_S.#define _INC_STRING_S..#include <string.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _strset_s(char *_Dst,size_t _DstSize,int _Value);. _CRTIMP errno_t __cdecl _strerror_s(char *_Buf,size_t _SizeInBytes,const char *_ErrMsg);. _CRTIMP errno_t __cdecl _strlwr_s(char *_Str,size_t _Size);. _CRTIMP errno_t __cdecl _strlwr_s_l(char *_Str,size_t _Size,_locale_t _Locale);. _CRTIMP errno_t __cdecl _strnset_s(char *_Str,size_t _Size,int _Val,size_t _MaxCount);. _CRTIMP errno_t __cdecl _strupr_s(char *_Str,size_t _Size);. _CRTIMP errno_t __cdecl _strupr_s_l(char *_Str,size_t _Size,_locale_t _Locale);.#ifndef _WSTRING_S_DEFINED.#define _WSTRING_S_DEFINED. _CRTIMP wchar_t *__cdecl wcstok_s(wchar_t *_St
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):796
                                                                                                                                                                                                          Entropy (8bit):5.075906205009732
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SEARCH_S.#define _INC_SEARCH_S..#include <search.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP void *__cdecl _lfind_s(const void *_Key,const void *_Base,unsigned int *_NumOfElements,size_t _SizeOfElements,int (__cdecl *_PtFuncCompare)(void *,const void *,const void *),void *_Context);. _CRTIMP void *__cdecl _lsearch_s(const void *_Key,void *_Base,unsigned int *_NumOfElements,size_t _SizeOfElements,int (__cdecl *_PtFuncCompare)(void *,const void *,const void *),void *_Context);..#ifdef __cplusplus.}.#endif..#endif.#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11508
                                                                                                                                                                                                          Entropy (8bit):4.850439541273333
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDIO_S.#define _INC_STDIO_S..#include <stdio.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _STDIO_S_DEFINED.#define _STDIO_S_DEFINED. _CRTIMP errno_t __cdecl clearerr_s(FILE *_File);. int __cdecl fprintf_s(FILE *_File,const char *_Format,...);. size_t __cdecl fread_s(void *_DstBuf,size_t _DstSize,size_t _ElementSize,size_t _Count,FILE *_File);. _CRTIMP int __cdecl _fscanf_s_l(FILE *_File,const char *_Format,_locale_t _Locale,...);. int __cdecl printf_s(const char *_Format,...);. _CRTIMP int __cdecl _scanf_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _scanf_s_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _snprintf_s(char *_DstBuf,size_t _DstSize,size_t _MaxCount,const char
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2331
                                                                                                                                                                                                          Entropy (8bit):5.0544392912710165
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _TIME_H__S.#define _TIME_H__S..#include <time.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _ctime32_s(char *_Buf,size_t _SizeInBytes,const __time32_t *_Time);. _CRTIMP errno_t __cdecl _gmtime32_s(struct tm *_Tm,const __time32_t *_Time);. _CRTIMP errno_t __cdecl _localtime32_s(struct tm *_Tm,const __time32_t *_Time);. _CRTIMP errno_t __cdecl _strdate_s(char *_Buf,size_t _SizeInBytes);. _CRTIMP errno_t __cdecl _strtime_s(char *_Buf ,size_t _SizeInBytes);.#if _INTEGRAL_MAX_BITS >= 64. _CRTIMP errno_t __cdecl _ctime64_s(char *_Buf,size_t _SizeInBytes,const __time64_t *_Time);. _CRTIMP errno_t __cdecl _gmtime64_s(struct tm *_Tm,const __time64_t *_Time);. _CRTIMP errno_t __cdecl _localtime64_s(struct tm *_Tm,
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7492
                                                                                                                                                                                                          Entropy (8bit):5.001674571619953
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_WCHAR_S.#define _INC_WCHAR_S..#include <wchar.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _WIO_S_DEFINED.#define _WIO_S_DEFINED. _CRTIMP errno_t __cdecl _waccess_s(const wchar_t *_Filename,int _AccessMode);. _CRTIMP errno_t __cdecl _wmktemp_s(wchar_t *_TemplateName,size_t _SizeInWords);.#endif..#ifndef _WCONIO_S_DEFINED.#define _WCONIO_S_DEFINED. _CRTIMP errno_t __cdecl _cgetws_s(wchar_t *_Buffer,size_t _SizeInWords,size_t *_SizeRead);. _CRTIMP int __cdecl _cwprintf_s(const wchar_t *_Format,...);. _CRTIMP int __cdecl _cwscanf_s(const wchar_t *_Format,...);. _CRTIMP int __cdecl _cwscanf_s_l(const wchar_t *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcwprintf_s(const wchar_t *_Format,va_list _ArgList);. _C
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):824
                                                                                                                                                                                                          Entropy (8bit):5.23907989533424
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:i2PSh0PDbldUsxgi7ZmA10jrL8sxqpCTkTAfEjd2FL0:GENuiZmU0jrIhT9jdKA
                                                                                                                                                                                                          MD5:C46DB571CFDB29EA8F977222B4BDA152
                                                                                                                                                                                                          SHA1:727F853FE74015580AE152B7DA8E1958B19FE22B
                                                                                                                                                                                                          SHA-256:B23F0CF79D5455E232D92792E2B2BE38125A02808BC005049367BAB68DA1300B
                                                                                                                                                                                                          SHA-512:747FEFA9B6DC0B5B1DE13ACFFBECCDBD7542A1241DEE3299F584FD08D65EAE8D1814305C44FC5AD580D865CF73AE9A8072F5AD7FD5E8439DE034EE82FD789CA7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef __STRALIGN_H_S_.#define __STRALIGN_H_S_..#include <stralign.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#if !defined(I_X86_) && defined(_WSTRING_S_DEFINED).#if defined(__cplusplus) && defined(_WConst_Return). static __inline PUWSTR ua_wcscpy_s(PUWSTR Desusertion,size_t DesusertionSize,PCUWSTR Source) {. if(WSTR_ALIGNED(Source) && WSTR_ALIGNED(Desusertion)) return (wcscpy_s((PWSTR)Desusertion,DesusertionSize,(PCWSTR)Source)==0 ? Desusertion : NULL);. return uaw_wcscpy((PCUWSTR)String,Character);. }.#endif.#endif..#ifdef __cplusplus.}.#endif.#endif.#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8328
                                                                                                                                                                                                          Entropy (8bit):4.549418379824187
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:bQGkyRvKPf4e80QgHRySdrCcNNXe1FcNNFe1d6O1yv61ycNNue1ccNNYe1e1O1e3:c11WgJ17OBBapWcEqJ
                                                                                                                                                                                                          MD5:1C3243D5951CCF4C4007E89FD366631D
                                                                                                                                                                                                          SHA1:48FE81CEA21230097C39FFC92C9B5BCAB3B4D0B1
                                                                                                                                                                                                          SHA-256:A5318CCEB241962769169C32A3CE5BFB9A075A52EDBAC31AAD33B0D7B897B544
                                                                                                                                                                                                          SHA-512:F6D25B5532745933F4320280AC21DD02CD12872639333B3AD04F4EFBBB42CFE51F5AD828F6CB2134968F5503979029AC38AD208572AD3FD298BDCC97677ECEDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_TCHAR_S.#define _INC_TCHAR_S..#include <tchar.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#ifdef _UNICODE..#define _tprintf_s wprintf_s.#define _tprintf_s_l _wprintf_s_l.#define _tcprintf_s _cwprintf_s.#define _tcprintf_s_l _cwprintf_s_l.#define _vtcprintf_s _vcwprintf_s.#define _vtcprintf_s_l _vcwprintf_s_l.#define _ftprintf_s fwprintf_s.#define _ftprintf_s_l _fwprintf_s_l.#define _stprintf_s swprintf_s.#define _stprintf_s_l _swprintf_s_l.#define _sntprintf_s _snwprintf_s.#define _sntprintf_s_l _snwprintf_s_l.#define _vtprintf_s vwprintf_s.#define _vtprintf_s_l _vwprintf_s_l.#define _vftprintf_s vfwprintf_s.#define _vftprintf_s_l _vfwprintf_s_l.#define _vstprintf_s vswprintf_s.#define _vstprintf_s_l _vswprintf_s_l.#define _vsntp
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1535
                                                                                                                                                                                                          Entropy (8bit):5.005173947475632
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:i2PSh0PDp5BUXLjIT0Cn0jIn0jQsY0eq0DY0PdMR0Mk3Z0ln0ln0fKY0xq0CY0u+:G4X+j41n8In8QsYbqgYKd00x+nknmKY1
                                                                                                                                                                                                          MD5:5BC78AA26AF6CE836F322CD5A432E368
                                                                                                                                                                                                          SHA1:1E99298161F0ADB4F7244EB5A067364DC5B47E91
                                                                                                                                                                                                          SHA-256:F7375E816739491FBAB39531C1D60A77B78FF9A162ABA17F817C773BF75F6508
                                                                                                                                                                                                          SHA-512:F1BFD5EF34A97E72EC474B2A2FECF4AC5FA1931E08845489623A7C699954B549FEDE1E4F93C815C0A9944A7D79601A9ED1342D47694528DAB54ADEAA5BBAB443
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */..#ifndef _INC_CONIO_S.#define _INC_CONIO_S..#include <conio.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _cgets_s(char *_Buffer,size_t _Size,size_t *_SizeRead);. _CRTIMP int __cdecl _cprintf_s(const char *_Format,...);. _CRTIMP int __cdecl _cscanf_s(const char *_Format,...);. _CRTIMP int __cdecl _cscanf_s_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcprintf_s(const char *_Format,va_list _ArgList);. _CRTIMP int __cdecl _cprintf_s_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcprintf_s_l(const char *_Format,_locale_t _Locale,va_list _ArgList);..#ifndef _WCONIO_DEFINED_S.#define _WCONIO_DEFINED_S. _CRTIMP errno_t __cdecl _cgetws_s(wchar_t *_Buffer,size_t _SizeInWords,
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3615
                                                                                                                                                                                                          Entropy (8bit):4.86966174138245
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:fo/15F1iM17NNse1NNNie16Nw11NNKe1/NNQe1uNO1Yk1gQ1Cs1s2s+w:wdi69Ah
                                                                                                                                                                                                          MD5:EDEDEEC78FA33C84025495013A88BF1A
                                                                                                                                                                                                          SHA1:7CB95B9B6DF8927222625EA101A72389B8A5318F
                                                                                                                                                                                                          SHA-256:D962AB8070958953F48B24C9EA068B345B158237826FB71B9A76D36CF2E8A32B
                                                                                                                                                                                                          SHA-512:B32E7891109560B4DF8BBBD1B3BB6D2ACEC9158C35743EB97A88F3B1237114979057B00ACD2CBB594CB1DB555E5AF5DDCAA610FE13C141A20494CA47319F65B0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_MBSTRING_S.#define _INC_MBSTRING_S..#include <mbstring.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _MBSTRING_S_DEFINED.#define _MBSTRING_S_DEFINED. _CRTIMP errno_t __cdecl _mbscat_s(unsigned char *_Dst,size_t _DstSizeInBytes,const unsigned char *_Src);. _CRTIMP errno_t __cdecl _mbscat_s_l(unsigned char *_Dst,size_t _DstSizeInBytes,const unsigned char *_Src,_locale_t _Locale);. _CRTIMP errno_t __cdecl _mbscpy_s(unsigned char *_Dst,size_t _DstSizeInBytes,const unsigned char *_Src);. _CRTIMP errno_t __cdecl _mbscpy_s_l(unsigned char *_Dst,size_t _DstSizeInBytes,const unsigned char *_Src,_locale_t _Locale);. _CRTIMP errno_t __cdecl _mbslwr_s(unsigned char *_Str,size_t _SizeInBytes);. _CRTIMP errno_t __cdecl _mbslwr_s_l(
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):881
                                                                                                                                                                                                          Entropy (8bit):5.049800224685949
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:i2PSh0PD5LNUX/uOL3YnNcYDJYwKGUG7FIU9L3YqM:GUZTOL3kSiJyjoL3lM
                                                                                                                                                                                                          MD5:AAF6330564DC2B4B413908EF435956AF
                                                                                                                                                                                                          SHA1:EA59272194493914F4B0CD1375210053A34CFDC2
                                                                                                                                                                                                          SHA-256:6E02F4AE50D30629AF7DF34785B6C32642B12D94ADDD56606F6FC4AB668250FF
                                                                                                                                                                                                          SHA-512:3FD60615B2DFC257A0CACF1F985AF5AA765583DB7DE6B8E474DE52369219DA5D2276362ADD9875A820F0A424A259FE976EBFA1E18FCD7B70008AB8FF70EBA03F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_IO_S.#define _INC_IO_S..#include <io.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _access_s(const char *_Filename,int _AccessMode);. _CRTIMP errno_t __cdecl _chsize_s(int _FileHandle,__int64 _Size);. _CRTIMP errno_t __cdecl _mktemp_s(char *_TemplateName,size_t _Size);. _CRTIMP errno_t __cdecl _umask_s(int _NewMode,int *_OldMode);..#ifndef _WIO_S_DEFINED.#define _WIO_S_DEFINED. _CRTIMP errno_t __cdecl _waccess_s(const wchar_t *_Filename,int _AccessMode);. _CRTIMP errno_t __cdecl _wmktemp_s(wchar_t *_TemplateName,size_t _SizeInWords);.#endif..#ifdef __cplusplus.}.#endif..#endif.#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):461
                                                                                                                                                                                                          Entropy (8bit):5.161018019410615
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:UJJISFcShcFP+4BtsYzlAEG2UCqAhEGksdAwED:i2PSh0PDtJLUtNjOqD
                                                                                                                                                                                                          MD5:F0C359A5AA08A907A23D2C0C5AA68E5C
                                                                                                                                                                                                          SHA1:B487788EC6AA32458DF18F6D10F67573DE8FA16E
                                                                                                                                                                                                          SHA-256:03630EE83E7C921446A0790853FCADEB5A308553DD3C4ECDDD568CDA3167C0F1
                                                                                                                                                                                                          SHA-512:71BD41E6BD84BFFE34BEB8EF1B49C63358CB5D8E520972D57046D58E9D9FB6DEAE512E4CF5554337DA2510D6F3AFCD6C6D58124A30C4003F9E3A8F60C2FFA896
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */..#ifndef _INC_CRTDBG_S.#define _INC_CRTDBG_S..#include <crtdbg.h>..#if defined(MINGW_HAS_SECURE_API)..#define _dupenv_s_dbg(ps1,size,s2,t,f,l) _dupenv_s(ps1,size,s2).#define _wdupenv_s_dbg(ps1,size,s2,t,f,l) _wdupenv_s(ps1,size,s2)..#endif..#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):796
                                                                                                                                                                                                          Entropy (8bit):5.075906205009732
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:UJJISFcShcFP+4BUksYTAKG2U1OAb9vw4DRWJKRWFoY2j9vw4DRWJKRW5:i2PSh0PDxjdUpbpw4NWIWFepw4NWIW5
                                                                                                                                                                                                          MD5:E0C3256D4BE1AD2A506755EB847C2D39
                                                                                                                                                                                                          SHA1:236108EEED6AFC8156950DAE94A055B90F8D169E
                                                                                                                                                                                                          SHA-256:96174E09F1C573C7FAEA85A6D568225A1B946E133C6C04A7BD6AA865C58896A2
                                                                                                                                                                                                          SHA-512:501E4C147ABA8CC08D3195BBA9328D3ED6186E8BFE60EF4DE65F09441F708ABDAAC9D7ED4C84CCD4CE21075F45D0C8B60B2BF8A927AD8A449C11EF6B2711032A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SEARCH_S.#define _INC_SEARCH_S..#include <search.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP void *__cdecl _lfind_s(const void *_Key,const void *_Base,unsigned int *_NumOfElements,size_t _SizeOfElements,int (__cdecl *_PtFuncCompare)(void *,const void *,const void *),void *_Context);. _CRTIMP void *__cdecl _lsearch_s(const void *_Key,void *_Base,unsigned int *_NumOfElements,size_t _SizeOfElements,int (__cdecl *_PtFuncCompare)(void *,const void *,const void *),void *_Context);..#ifdef __cplusplus.}.#endif..#endif.#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11508
                                                                                                                                                                                                          Entropy (8bit):4.850439541273333
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:nzXsE4vla8LmEtTcbA4MfaEU0zwyp0WEP9fF2V:8
                                                                                                                                                                                                          MD5:3C28755C2186DABAE016938E1308B77F
                                                                                                                                                                                                          SHA1:9437B43CD64ED70638DF695B1B9EAB34C1B04F57
                                                                                                                                                                                                          SHA-256:5107BED740C6274FFC767AD42DED6CE5A8F51CB0C73239D04D5A647D62EDF2F1
                                                                                                                                                                                                          SHA-512:9D89FE5E5B8396998A552E443970F45C8E9F2F04F180D14F1CBBDC56A1FD5AE0F2C9F81B8E25D0DCB20FB1437D9BD178A6DAD68A323AA0E9EAEF31B6B6D40F33
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDIO_S.#define _INC_STDIO_S..#include <stdio.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _STDIO_S_DEFINED.#define _STDIO_S_DEFINED. _CRTIMP errno_t __cdecl clearerr_s(FILE *_File);. int __cdecl fprintf_s(FILE *_File,const char *_Format,...);. size_t __cdecl fread_s(void *_DstBuf,size_t _DstSize,size_t _ElementSize,size_t _Count,FILE *_File);. _CRTIMP int __cdecl _fscanf_s_l(FILE *_File,const char *_Format,_locale_t _Locale,...);. int __cdecl printf_s(const char *_Format,...);. _CRTIMP int __cdecl _scanf_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _scanf_s_l(const char *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _snprintf_s(char *_DstBuf,size_t _DstSize,size_t _MaxCount,const char
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4113
                                                                                                                                                                                                          Entropy (8bit):5.025747893872523
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:1ICzd9hzhSzms1NOsG1/zl1EzQm2pppJptakhplumHNNmeN4mfNaAqk58ikTNBkm:tp9hFS6s1gsiB3fnjhTVS24Y4LN
                                                                                                                                                                                                          MD5:AE13BD6218C4840EACAC71F31C45B2BC
                                                                                                                                                                                                          SHA1:E05D796CE8F5AEAA629CA9F1E3F6D4AC154148A2
                                                                                                                                                                                                          SHA-256:8650E34BE241C7D837433126878EB6A30EE71C0B759C23671FD8F0715C7CDE65
                                                                                                                                                                                                          SHA-512:689808A64C20260F3091E94DCE6EAABF8662BA627B4DE4C43ED685390565186E69FF229CB4755E9D3BD12B5C46E16CCFD848652703572E790DF7BBAB3824FF9A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDLIB_S.#define _INC_STDLIB_S..#include <stdlib.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _dupenv_s(char **_PBuffer,size_t *_PBufferSizeInBytes,const char *_VarName);. _CRTIMP errno_t __cdecl _itoa_s(int _Value,char *_DstBuf,size_t _Size,int _Radix);.#if _INTEGRAL_MAX_BITS >= 64. _CRTIMP errno_t __cdecl _i64toa_s(__int64 _Val,char *_DstBuf,size_t _Size,int _Radix);. _CRTIMP errno_t __cdecl _ui64toa_s(unsigned __int64 _Val,char *_DstBuf,size_t _Size,int _Radix);.#endif. _CRTIMP errno_t __cdecl _ltoa_s(long _Val,char *_DstBuf,size_t _Size,int _Radix);. _CRTIMP errno_t __cdecl mbstowcs_s(size_t *_PtNumOfCharConverted,wchar_t *_DstBuf,size_t _SizeInWords,const char *_SrcBuf,size_t _MaxCount);. _CRTI
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):824
                                                                                                                                                                                                          Entropy (8bit):5.23907989533424
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:i2PSh0PDbldUsxgi7ZmA10jrL8sxqpCTkTAfEjd2FL0:GENuiZmU0jrIhT9jdKA
                                                                                                                                                                                                          MD5:C46DB571CFDB29EA8F977222B4BDA152
                                                                                                                                                                                                          SHA1:727F853FE74015580AE152B7DA8E1958B19FE22B
                                                                                                                                                                                                          SHA-256:B23F0CF79D5455E232D92792E2B2BE38125A02808BC005049367BAB68DA1300B
                                                                                                                                                                                                          SHA-512:747FEFA9B6DC0B5B1DE13ACFFBECCDBD7542A1241DEE3299F584FD08D65EAE8D1814305C44FC5AD580D865CF73AE9A8072F5AD7FD5E8439DE034EE82FD789CA7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef __STRALIGN_H_S_.#define __STRALIGN_H_S_..#include <stralign.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#if !defined(I_X86_) && defined(_WSTRING_S_DEFINED).#if defined(__cplusplus) && defined(_WConst_Return). static __inline PUWSTR ua_wcscpy_s(PUWSTR Desusertion,size_t DesusertionSize,PCUWSTR Source) {. if(WSTR_ALIGNED(Source) && WSTR_ALIGNED(Desusertion)) return (wcscpy_s((PWSTR)Desusertion,DesusertionSize,(PCWSTR)Source)==0 ? Desusertion : NULL);. return uaw_wcscpy((PCUWSTR)String,Character);. }.#endif.#endif..#ifdef __cplusplus.}.#endif.#endif.#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1787
                                                                                                                                                                                                          Entropy (8bit):4.917564903414643
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:GdhfZfj5LsD61nVtwNwDmwMRTNU5bTTwNTrbTy7TZe1TGdTt8u:QZZfNLsD61V+NwDmw0hUZgNnbu71e1a9
                                                                                                                                                                                                          MD5:544899F39CA616AE07D97A2FEE8DE3D4
                                                                                                                                                                                                          SHA1:2F95831D27CC918E633E8D711087CCF7C3DA918B
                                                                                                                                                                                                          SHA-256:EEF32FB505B98A3610923E8DDB3DE724C55B44389D25CEF7CF50EE3CD14F5D68
                                                                                                                                                                                                          SHA-512:20DBF6C25FF2270402BB4EB99430B83128F66D577B7C9277CACBF8CDB5438EC58B6B1EA468499D1F48338CF4F2433A1A0E59E242F812B419C6AFC637340C86AB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STRING_S.#define _INC_STRING_S..#include <string.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _strset_s(char *_Dst,size_t _DstSize,int _Value);. _CRTIMP errno_t __cdecl _strerror_s(char *_Buf,size_t _SizeInBytes,const char *_ErrMsg);. _CRTIMP errno_t __cdecl _strlwr_s(char *_Str,size_t _Size);. _CRTIMP errno_t __cdecl _strlwr_s_l(char *_Str,size_t _Size,_locale_t _Locale);. _CRTIMP errno_t __cdecl _strnset_s(char *_Str,size_t _Size,int _Val,size_t _MaxCount);. _CRTIMP errno_t __cdecl _strupr_s(char *_Str,size_t _Size);. _CRTIMP errno_t __cdecl _strupr_s_l(char *_Str,size_t _Size,_locale_t _Locale);.#ifndef _WSTRING_S_DEFINED.#define _WSTRING_S_DEFINED. _CRTIMP wchar_t *__cdecl wcstok_s(wchar_t *_St
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):653
                                                                                                                                                                                                          Entropy (8bit):5.082827078744625
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:UJJISFcShcFP+4BjksvAEfG2U17NrOmRyOmRpILKuhQziQFgu7voLKuhNzia:i2PSh0PDjkcTUhNCQR8RAj
                                                                                                                                                                                                          MD5:001FD701688E91D3781D43714B993275
                                                                                                                                                                                                          SHA1:A1825995271FE96DC766421CEDC606384CD92201
                                                                                                                                                                                                          SHA-256:D153417EC64EB7B1504749BCA6477EFD51B4B22DE670518F4FDC2701080145C0
                                                                                                                                                                                                          SHA-512:F4F4A8D796E74CB0AD2A06DD153EBAF4CD16C431FDC67B7C2FBBDC4466147593421AE0F60A620503B21DC3C05C6480CA483BD077AFB10DACA46529996B4391B6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */..#ifndef _TIMEB_H_S.#define _TIMEB_H_S..#include <sys/timeb.h>..#ifdef __cplusplus.extern "C" {.#endif..#if defined(MINGW_HAS_SECURE_API)..#ifdef _USE_32BIT_TIME_T.#define _ftime_s _ftime32_s.#else.#define _ftime_s _ftime64_s.#endif.. _CRTIMP errno_t __cdecl _ftime32_s(struct __timeb32 *_Time);.#if _INTEGRAL_MAX_BITS >= 64. _CRTIMP errno_t __cdecl _ftime64_s(struct __timeb64 *_Time);.#endif.#endif..#ifdef __cplusplus.}.#endif..#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8328
                                                                                                                                                                                                          Entropy (8bit):4.549418379824187
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:bQGkyRvKPf4e80QgHRySdrCcNNXe1FcNNFe1d6O1yv61ycNNue1ccNNYe1e1O1e3:c11WgJ17OBBapWcEqJ
                                                                                                                                                                                                          MD5:1C3243D5951CCF4C4007E89FD366631D
                                                                                                                                                                                                          SHA1:48FE81CEA21230097C39FFC92C9B5BCAB3B4D0B1
                                                                                                                                                                                                          SHA-256:A5318CCEB241962769169C32A3CE5BFB9A075A52EDBAC31AAD33B0D7B897B544
                                                                                                                                                                                                          SHA-512:F6D25B5532745933F4320280AC21DD02CD12872639333B3AD04F4EFBBB42CFE51F5AD828F6CB2134968F5503979029AC38AD208572AD3FD298BDCC97677ECEDD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_TCHAR_S.#define _INC_TCHAR_S..#include <tchar.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#ifdef _UNICODE..#define _tprintf_s wprintf_s.#define _tprintf_s_l _wprintf_s_l.#define _tcprintf_s _cwprintf_s.#define _tcprintf_s_l _cwprintf_s_l.#define _vtcprintf_s _vcwprintf_s.#define _vtcprintf_s_l _vcwprintf_s_l.#define _ftprintf_s fwprintf_s.#define _ftprintf_s_l _fwprintf_s_l.#define _stprintf_s swprintf_s.#define _stprintf_s_l _swprintf_s_l.#define _sntprintf_s _snwprintf_s.#define _sntprintf_s_l _snwprintf_s_l.#define _vtprintf_s vwprintf_s.#define _vtprintf_s_l _vwprintf_s_l.#define _vftprintf_s vfwprintf_s.#define _vftprintf_s_l _vfwprintf_s_l.#define _vstprintf_s vswprintf_s.#define _vstprintf_s_l _vswprintf_s_l.#define _vsntp
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2331
                                                                                                                                                                                                          Entropy (8bit):5.0544392912710165
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:GcrXMDj5Rqf/Hj57+jJij5NiTiM7AdKCLUJXbfb7SlE6BQ5Sl625a:HrONRqf/HN7+9iNYm+AdKCLUJXbfYE6S
                                                                                                                                                                                                          MD5:EDC9CC4A2A0B921D3167F19D2D162F0B
                                                                                                                                                                                                          SHA1:424E2246A5B852CC80AC043F681A12F4ED95882B
                                                                                                                                                                                                          SHA-256:9AE9CB7A3164AD0093E3887B0CA09BB67498DA51BB44E9BE500B60E72A385DC0
                                                                                                                                                                                                          SHA-512:3C81D4917E9A47307393EA6AF3C6E945F6F6ACC1BAEFA764E500054F84BBAEDDA83B7CCDBAC3A1EC526E389EC7A095B0A6676AE09CEEA63EF1E95B5DE004B018
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _TIME_H__S.#define _TIME_H__S..#include <time.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif.. _CRTIMP errno_t __cdecl _ctime32_s(char *_Buf,size_t _SizeInBytes,const __time32_t *_Time);. _CRTIMP errno_t __cdecl _gmtime32_s(struct tm *_Tm,const __time32_t *_Time);. _CRTIMP errno_t __cdecl _localtime32_s(struct tm *_Tm,const __time32_t *_Time);. _CRTIMP errno_t __cdecl _strdate_s(char *_Buf,size_t _SizeInBytes);. _CRTIMP errno_t __cdecl _strtime_s(char *_Buf ,size_t _SizeInBytes);.#if _INTEGRAL_MAX_BITS >= 64. _CRTIMP errno_t __cdecl _ctime64_s(char *_Buf,size_t _SizeInBytes,const __time64_t *_Time);. _CRTIMP errno_t __cdecl _gmtime64_s(struct tm *_Tm,const __time64_t *_Time);. _CRTIMP errno_t __cdecl _localtime64_s(struct tm *_Tm,
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7492
                                                                                                                                                                                                          Entropy (8bit):5.001674571619953
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:2s3ligWmjN2JcabAOrco1/x+pxJrx8NxDhW21TUSBL/jCh3HzTxpppJptakhplFY:lUEU0zwyx3fnjhTtj7P9AJbfYFa
                                                                                                                                                                                                          MD5:37C52897CBB44A15BD22203CF8882566
                                                                                                                                                                                                          SHA1:27A8F810ADB10BCFD84DB971163C98ED81C3BDF9
                                                                                                                                                                                                          SHA-256:5A470AC358B2D951202182F9EC1F945331C23A8D79629AD4EDB08B7D73CFAEE4
                                                                                                                                                                                                          SHA-512:5217C9246A458EAB5657B219D136CEC221EF0539CB5C5D02BF9E1FE88159A758B247E2D925312636AA8BE4665B9D52641A9D3F2613256C3FF88985ED1D50CA05
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_WCHAR_S.#define _INC_WCHAR_S..#include <wchar.h>..#if defined(MINGW_HAS_SECURE_API)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _WIO_S_DEFINED.#define _WIO_S_DEFINED. _CRTIMP errno_t __cdecl _waccess_s(const wchar_t *_Filename,int _AccessMode);. _CRTIMP errno_t __cdecl _wmktemp_s(wchar_t *_TemplateName,size_t _SizeInWords);.#endif..#ifndef _WCONIO_S_DEFINED.#define _WCONIO_S_DEFINED. _CRTIMP errno_t __cdecl _cgetws_s(wchar_t *_Buffer,size_t _SizeInWords,size_t *_SizeRead);. _CRTIMP int __cdecl _cwprintf_s(const wchar_t *_Format,...);. _CRTIMP int __cdecl _cwscanf_s(const wchar_t *_Format,...);. _CRTIMP int __cdecl _cwscanf_s_l(const wchar_t *_Format,_locale_t _Locale,...);. _CRTIMP int __cdecl _vcwprintf_s(const wchar_t *_Format,va_list _ArgList);. _C
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3867
                                                                                                                                                                                                          Entropy (8bit):5.235190435579294
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:hINzkdpqiPK62I7m503BDSX92h1Mjw9dQZOpxrW7qcvshO+RgA2CRu/PXOE:hINzkdpqiPKdI7m503FSXUhOjw9Fpxrs
                                                                                                                                                                                                          MD5:8BF97DC43B347CBCF622768EF43090EF
                                                                                                                                                                                                          SHA1:E6BE2C1B1FE50C19BCD2814E3827C7D94680E51B
                                                                                                                                                                                                          SHA-256:B6164EB7FAE4A12163251492F7F4E56CC50D146EC7A2F5640D86ECA4D095046F
                                                                                                                                                                                                          SHA-512:F2F1A16A1D719B10A20B8BE8B5046E151C50792D8D07A2E7F6BC8EB0D53FFCE7E66E53934E688FD1C3FDFE00545BF203267FB59CBD289AD92F3786E473F8198F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SETJMP.#define _INC_SETJMP..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#if (defined(_X86_) && !defined(__x86_64))..#define _JBLEN 16.#define _JBTYPE int.. typedef struct __JUMP_BUFFER {. unsigned long Ebp;. unsigned long Ebx;. unsigned long Edi;. unsigned long Esi;. unsigned long Esp;. unsigned long Eip;. unsigned long Registration;. unsigned long TryLevel;. unsigned long Cookie;. unsigned long UnwindFunc;. unsigned long UnwindData[6];. } _JUMP_BUFFER;.#elif defined(__ia64__). typedef _CRT_ALIGN(16) struct _SETJMP_FLOAT128 {. __int64 LowPart;. __int64 HighPart;. } SETJMP_FLOAT128;..#define _JBLEN 33. typedef SETJMP_FLOAT128 _JBTYPE;.. typedef struct __JUMP_BUFFER {..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):639
                                                                                                                                                                                                          Entropy (8bit):5.116570644892466
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:UJJISFcShcFP+4BWIYKIiSUfwfvarry9rowrrqir3qGr+PFeHqveB7n4y8yvkA4p:i2PSh0PDWWIivavaq98whzlgFeHqve7u
                                                                                                                                                                                                          MD5:540EF403878DDBE2D4682540DA20095F
                                                                                                                                                                                                          SHA1:4E3230DF4B7A906CDC3B6E3E1A5CC768CC79C327
                                                                                                                                                                                                          SHA-256:6DE922C1BD7EEDC33308304785C212945064D763EEDFB373C09CBBB5CB933DDE
                                                                                                                                                                                                          SHA-512:7C27842CB6F3D2B9707A5DF55B45BCC5DD613CDA8C550F0232F0CB9DF8B59013F428EC3FC07FB002DFF80D26BB9941CE76CAADD22BD4B539C9F11EA13FE12EF5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SHARE.#define _INC_SHARE..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#define _SH_COMPAT 0x00.#define _SH_DENYRW 0x10.#define _SH_DENYWR 0x20.#define _SH_DENYRD 0x30.#define _SH_DENYNO 0x40.#define _SH_SECURE 0x80..#ifndef.NO_OLDNAMES.#define SH_COMPAT _SH_COMPAT.#define SH_DENYRW _SH_DENYRW.#define SH_DENYWR _SH_DENYWR.#define SH_DENYRD _SH_DENYRD.#define SH_DENYNO _SH_DENYNO.#endif..#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1583
                                                                                                                                                                                                          Entropy (8bit):5.223946000134317
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:i2PSh0PDPvH5BolYl9cEPXEDv5JOhS3zDOE/MVuTYE3tmV+Rv4fMBzN80FnPibwB:GWcqvvsDNzD9koS+94fQzN8OPibwDrhT
                                                                                                                                                                                                          MD5:A106C85866BF88A68510029349149B52
                                                                                                                                                                                                          SHA1:989F8BF922CAC5BEB03905A0E35C3C7B4B125C85
                                                                                                                                                                                                          SHA-256:045A031B376733ED7A685BC01709F5281403729FF7C601B913B2ACA2FE1493BB
                                                                                                                                                                                                          SHA-512:205611A36897D5A87EB54DA5C2C193680DAD95DDA01A55DCEF61665ED09EFD322A20F276D9419A64144941CF0B59339FF9D15C1A7A9C86DA60F140364EACFF73
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_SIGNAL.#define _INC_SIGNAL..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _SIG_ATOMIC_T_DEFINED.#define _SIG_ATOMIC_T_DEFINED. typedef int sig_atomic_t;.#endif..#define NSIG 23..#define.SIGHUP.1./* hangup */.#define SIGINT 2.#define.SIGQUIT.3./* quit */.#define SIGILL 4.#define.SIGTRAP.5./* trace trap (not reset when caught) */.#define.SIGIOT.6./* IOT instruction */.#define.SIGABRT 6./* used by abort, replace SIGIOT in the future */.#define.SIGEMT.7./* EMT instruction */.#define SIGFPE 8.#define.SIGKILL.9./* kill (cannot be caught or ignored) */.#define.SIGBUS.10./* bus error */.#define SIGSEGV 11.#define.SIGSYS.12./* bad argument to system call */.#define.SIGPIPE.13./* write on a pipe with no one to read it */.#ifdef __USE_MINGW_ALARM.#def
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2494
                                                                                                                                                                                                          Entropy (8bit):4.862990168468474
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:QAs3d3qmP8lV0TTPWuj/ATVhpIOFf6yrsEgTvVOFobil:QAGdafP0P/IiA
                                                                                                                                                                                                          MD5:4FE6BA37DEC896AB822646118B5343CE
                                                                                                                                                                                                          SHA1:EA68660748139159643AB495AA1EC9287A5E20FF
                                                                                                                                                                                                          SHA-256:116504A7C3FEABBC4551E9DB0BEC957170647EF2067EB46A4304BCBFDDCE5A30
                                                                                                                                                                                                          SHA-512:6B3304630293A2A5C1D4870B088A7FA2681354A4D28D6DFD97CDA16E102D6E97A19CB5C9A840C8587479E4A559AB3EE781F1E9001F1336C9318988B1F2F22CC7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#ifndef _STDARG_H.#define _STDARG_H..#ifdef __x86_64__.#ifndef _WIN64..//This should be in sync with the declaration on our lib/libtcc1.c./* GCC compatible definition of va_list. */.typedef struct {. unsigned int gp_offset;. unsigned int fp_offset;. union {. unsigned int overflow_offset;. char *overflow_arg_area;. };. char *reg_save_area;.} __va_list_struct;..typedef __va_list_struct va_list[1];..void __va_start(__va_list_struct *ap, void *fp);.void *__va_arg(__va_list_struct *ap, int arg_type, int size, int align);..#define va_start(ap, last) __va_start(ap, __builtin_frame_address(0)).#define va_arg(ap, type) \. (*(type *)(__va_arg(ap, __builtin_va_arg_types(type), sizeof(type), __alignof__(type)))).#define va_copy(dest, src) (*(dest) = *(src)).#define va_end(ap)../* avoid conflicting definition for va_list on Macs. */.#define _VA_LIST_T..#else /* _WIN64 */.typedef char *va_list;.#define va_start(ap,last) _
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):176
                                                                                                                                                                                                          Entropy (8bit):4.607652660491414
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:YDC60AhCWNRSh4Hf9OKhW70rAcM05eB70AUrEtvQ7DM0zU2kx4Cv:mp0AnRoCkKu0McM0sF0AUn7f4Tv
                                                                                                                                                                                                          MD5:7D294F4EC2C9640974803A61153EF3DD
                                                                                                                                                                                                          SHA1:3BC244518F863B754A97CA1B756580974C0D4356
                                                                                                                                                                                                          SHA-256:5252824225DDC486B0460677F765E4157AF5D3ED7ACD65B310A4045EAFB56AF7
                                                                                                                                                                                                          SHA-512:FF09177DCD695A185D66AFA8405EB7BF0883D4C1E6507F00A12CD958562E2F0444867F6DABDEE6E50CD5977897E4D878F31CB51888BA6878829C96CBF80FB283
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#ifndef _STDBOOL_H.#define _STDBOOL_H../* ISOC99 boolean */..#define bool._Bool.#define true.1.#define false.0.#define __bool_true_false_are_defined 1..#endif /* _STDBOOL_H */.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1402
                                                                                                                                                                                                          Entropy (8bit):4.8724440555000506
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:d19VSrcs/mbR/4Cm+iOwHCFFfJNn9DAP6V2OCB6E7LuNcWmY/CDGAsC:5VSrH/TCeCFD59DGJUEnhzY/6GA9
                                                                                                                                                                                                          MD5:8B03F5DA84F6175FB1213C1208BB0944
                                                                                                                                                                                                          SHA1:FB7A374705241EE8BA4C59C6BD4829A97B90FA55
                                                                                                                                                                                                          SHA-256:C91FFAAEF5231C6D7E744E0700F1F429C9CFAD88A4112FDD5ABABB701F3B5A4B
                                                                                                                                                                                                          SHA-512:038DA70FFDA4BF66CDF6D0D6792F51B140B0E6EEC8351A286A51D454A81E0571779E16985519DAB47F3B48E6102A54A40101634B86F556C95C2128DC6AED4283
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#ifndef _STDDEF_H.#define _STDDEF_H..typedef __SIZE_TYPE__ size_t;.typedef __PTRDIFF_TYPE__ ssize_t;.typedef __WCHAR_TYPE__ wchar_t;.typedef __PTRDIFF_TYPE__ ptrdiff_t;.typedef __PTRDIFF_TYPE__ intptr_t;.typedef __SIZE_TYPE__ uintptr_t;..#ifndef __int8_t_defined.#define __int8_t_defined.typedef signed char int8_t;.typedef signed short int int16_t;.typedef signed int int32_t;.#ifdef __LP64__.typedef signed long int int64_t;.#else.typedef signed long long int int64_t;.#endif.typedef unsigned char uint8_t;.typedef unsigned short int uint16_t;.typedef unsigned int uint32_t;.#ifdef __LP64__.typedef unsigned long int uint64_t;.#else.typedef unsigned long long int uint64_t;.#endif.#endif..#ifndef NULL.#define NULL ((void*)0).#endif..#define offsetof(type, field) ((size_t)&((type *)0)->field)..void *alloca(size_t size);..#endif../* Older glibc require a wint_t from <stddef.h> (when requested. by __need_wint_t, as otherwise stddef.h isn't allowed to. define this type). Note that this must
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6333
                                                                                                                                                                                                          Entropy (8bit):5.377774221268906
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:Od4Q69/YQhMgPRVQzD+5VO7wRUNsNwxzMD2eT:Ou/f3Riz65VO7wRUNsNwxG
                                                                                                                                                                                                          MD5:90C1945AFA014FC0F8D17078C51502CA
                                                                                                                                                                                                          SHA1:F3A15DC3E32ED97B8CC34C1AFA2C66ECBA3B3BE4
                                                                                                                                                                                                          SHA-256:33C6C8DA7D564B5702AF8C6FF45C00A16842BA3FFE3F95F7F6232752F63C5AFD
                                                                                                                                                                                                          SHA-512:BE8557BDA158662ACC18CBD4445D4D2E6787FB5C78A67F0D0E4A62FFC9D2B1173C30C66CA5C6A247DA8FE7C38B7C57AFF050BD4A35B0120BD95400CFB4C2C2B6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./* ISO C9x 7.18 Integer types <stdint.h>. * Based on ISO/IEC SC22/WG14 9899 Committee draft (SC22 N2794). *. * THIS SOFTWARE IS NOT COPYRIGHTED. *. * Contributor: Danny Smith <danny_r_smith_2001@yahoo.co.nz>. *. * This source code is offered for use in the public domain. You may. * use, modify or distribute it freely.. *. * This code is distributed in the hope that it will be useful but. * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY. * DISCLAIMED. This includes but is not limited to warranties of. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.. *. * Date: 2000-12-02. */...#ifndef _STDINT_H.#define _STDINT_H..#include <_mingw.h>..#define __need_wint_t.#define __need_wchar_t.#include "stddef.h"..#ifndef __int8_t_defined.#define __int8_t
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14903
                                                                                                                                                                                                          Entropy (8bit):5.137879509844942
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDIO.#define _INC_STDIO..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#define BUFSIZ 512.#define _NFILE _NSTREAM_.#define _NSTREAM_ 512.#define _IOB_ENTRIES 20.#define EOF (-1)..#ifndef _FILE_DEFINED. struct _iobuf {. char *_ptr;. int _cnt;. char *_base;. int _flag;. int _file;. int _charbuf;. int _bufsiz;. char *_tmpfname;. };. typedef struct _iobuf FILE;.#define _FILE_DEFINED.#endif..#ifdef _POSIX_.#define _P_tmpdir "/".#define _wP_tmpdir L"/".#else.#define _P_tmpdir "\\".#define _wP_tmpdir L"\\".#endif..#define L_tmpnam (sizeof(_P_tmpdir) + 12)..#ifdef _POSIX_.#define L_ctermid 9.#define L_cuserid 32.#endif..#define SEEK_CUR 1.#define SEEK_END 2.#define SEEK_SET 0..#define STDIN_FILENO
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20426
                                                                                                                                                                                                          Entropy (8bit):5.091356495974476
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STDLIB.#define _INC_STDLIB..#include <_mingw.h>.#include <limits.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#define EXIT_SUCCESS 0.#define EXIT_FAILURE 1..#ifndef _ONEXIT_T_DEFINED.#define _ONEXIT_T_DEFINED.. typedef int (__cdecl *_onexit_t)(void);..#ifndef NO_OLDNAMES.#define onexit_t _onexit_t.#endif.#endif..#ifndef _DIV_T_DEFINED.#define _DIV_T_DEFINED.. typedef struct _div_t {. int quot;. int rem;. } div_t;.. typedef struct _ldiv_t {. long quot;. long rem;. } ldiv_t;.#endif..#ifndef _CRT_DOUBLE_DEC.#define _CRT_DOUBLE_DEC..#pragma pack(4). typedef struct {. unsigned char ld[10];. } _LDOUBLE;.#pragma pack()..#defin
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8590
                                                                                                                                                                                                          Entropy (8bit):4.845158903423087
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STRING.#define _INC_STRING..#include <_mingw.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _NLSCMP_DEFINED.#define _NLSCMP_DEFINED.#define _NLSCMPERROR 2147483647.#endif..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#define _WConst_return _CONST_RETURN..#ifndef _CRT_MEMORY_DEFINED.#define _CRT_MEMORY_DEFINED. _CRTIMP void *__cdecl _memccpy(void *_Dst,const void *_Src,int _Val,size_t _MaxCount);. _CONST_RETURN void *__cdecl memchr(const void *_Buf ,int _Val,size_t _MaxCount);. _CRTIMP int __cdecl _memicmp(const void *_Buf1,const void *_Buf2,size_t _Size);. _CRTIMP int __cdecl _memicmp_l(const void *_Buf1,const void *_Buf2,size_t _Size,_locale_t _Locale);. int __cdecl memcmp(const void *_Buf1,const void *_Bu
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):359
                                                                                                                                                                                                          Entropy (8bit):4.783912410510983
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./*. * This file is part of the Mingw32 package.. *. * This fcntl.h maps to the root fcntl.h. */.#ifndef __STRICT_ANSI__.#include <fcntl.h>.#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):367
                                                                                                                                                                                                          Entropy (8bit):4.814423977077851
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./*. * This file is part of the Mingw32 package.. *. * This file.h maps to the root fcntl.h. * TODO?. */.#ifndef __STRICT_ANSI__.#include <fcntl.h>.#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):351
                                                                                                                                                                                                          Entropy (8bit):4.8356374612162245
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./*. * This file is part of the Mingw32 package.. *. * unistd.h maps (roughly) to io.h. */.#ifndef __STRICT_ANSI__.#include <io.h>.#endif..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):359
                                                                                                                                                                                                          Entropy (8bit):4.783912410510983
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./*. * This file is part of the Mingw32 package.. *. * This fcntl.h maps to the root fcntl.h. */.#ifndef __STRICT_ANSI__.#include <fcntl.h>.#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2445
                                                                                                                                                                                                          Entropy (8bit):5.105161608995923
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _TIMEB_H_.#define _TIMEB_H_..#include <_mingw.h>..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef __TINYC__ /* gr */.#ifdef _USE_32BIT_TIME_T.#ifdef _WIN64.#undef _USE_32BIT_TIME_T.#endif.#else.#if _INTEGRAL_MAX_BITS < 64.#define _USE_32BIT_TIME_T.#endif.#endif.#endif..#ifndef _TIME32_T_DEFINED. typedef long __time32_t;.#define _TIME32_T_DEFINED.#endif..#ifndef _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64. typedef __int64 __time64_t;.#endif.#define _TIME64_T_DEFINED.#endif..#ifndef _TIME_T_DEFINED.#ifdef _USE_32BIT_TIME_T. typedef __time32_t time_t;.#else. typedef __time64_t time_t;.#endif.#define _TIME_T_DEF
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2128
                                                                                                                                                                                                          Entropy (8bit):5.025170221794001
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:G/uvbKQUIpV0OC1I/bFHb3wHbdyOkvk4QEa2K:WMKQ7V0/SFHDwHxkvkpExK
                                                                                                                                                                                                          MD5:C8F3B2F1FCF386398B5F130F0599A72E
                                                                                                                                                                                                          SHA1:242163A76E04F20CE4B3D5D0A959D66B978F43AD
                                                                                                                                                                                                          SHA-256:F1C3F9E5C811A63BEBAE5229042C09CB5E057F4117FD31B45AACBB4C3A626DF8
                                                                                                                                                                                                          SHA-512:3239360E2F810EBBB853581E01657A69BA9A56F6BBB29288011D6F842CE2C405D27A7D818C5E4809AE053481723DFA7DC37E4778EDFE6B6392884EB32804AA03
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_TYPES.#define _INC_TYPES..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#include <_mingw.h>..#ifndef __TINYC__ /* gr */.#ifdef _USE_32BIT_TIME_T.#ifdef _WIN64.#undef _USE_32BIT_TIME_T.#endif.#else.#if _INTEGRAL_MAX_BITS < 64.#define _USE_32BIT_TIME_T.#endif.#endif.#endif..#ifndef _TIME32_T_DEFINED.#define _TIME32_T_DEFINED.typedef long __time32_t;.#endif..#ifndef _TIME64_T_DEFINED.#define _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64.typedef __int64 __time64_t;.#endif.#endif..#ifndef _TIME_T_DEFINED.#define _TIME_T_DEFINED.#ifdef _USE_32BIT_TIME_T.typedef __time32_t time_t;.#else.typedef __time64_t time_t;.#endif.#endif..#ifndef _INO_T_DEFINED.#define _INO_T_DEFINED.typedef unsigned short _ino_t;.#ifndef.NO_OLDNAMES.typedef unsigned short ino_t;.#
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):648
                                                                                                                                                                                                          Entropy (8bit):4.971114123290285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:UJJISFcShcFP+4BFYLiSUfmMLGe2wAdcQr+VDRwrf7AIDjBArvjUOpy:i2PSh0PD+ivmMy4CVEABYjUOpy
                                                                                                                                                                                                          MD5:28BD6385B1C6AF18F7B2B2FA7F66827A
                                                                                                                                                                                                          SHA1:AD01251C9D742578F2962D71A17969DA842C5A2A
                                                                                                                                                                                                          SHA-256:29786145E9AF34A1F96E7368855B19E8879FC80D35A172D9BA97D3C7FC2F6311
                                                                                                                                                                                                          SHA-512:04DF92A3257B4A87FC1A00C65F700C6A9F4897FF3E258FBD27A3B3AD5426A35FAA7371735F829F4DA40E622E75A8259D4022F0F54BF8F52CA5ACFD234ED75CBE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_LOCKING.#define _INC_LOCKING..#ifndef _WIN32.#error Only Win32 target is supported!.#endif../* All the headers include this file. */.#include <_mingw.h>..#define _LK_UNLCK 0.#define _LK_LOCK 1.#define _LK_NBLCK 2.#define _LK_RLCK 3.#define _LK_NBRLCK 4..#ifndef.NO_OLDNAMES.#define LK_UNLCK _LK_UNLCK.#define LK_LOCK _LK_LOCK.#define LK_NBLCK _LK_NBLCK.#define LK_RLCK _LK_RLCK.#define LK_NBRLCK _LK_NBRLCK.#endif..#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):367
                                                                                                                                                                                                          Entropy (8bit):4.814423977077851
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r7SFlLClXF1n6LACqMMf1CAA9:UJJISFcShcFP+4B7SFRClV1n/pHCAA9
                                                                                                                                                                                                          MD5:DA489932C3143982E94284F464F835CD
                                                                                                                                                                                                          SHA1:78FC0CCE2B7B047712B753AF6DF40258623D2620
                                                                                                                                                                                                          SHA-256:B6E779C53140C117BC36BD335C64BFCB13AE4C2C486B94783B32149A6EB2D320
                                                                                                                                                                                                          SHA-512:02ECE23C55D9C425F2B53C4D3AAFB7CE12B15995AB276CEFA9254C37499B0735FAF43EE32B67BF6A542EEC5147294BD5C16DFE51CAEFEC6C5B1C7807A4FD5858
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./*. * This file is part of the Mingw32 package.. *. * This file.h maps to the root fcntl.h. * TODO?. */.#ifndef __STRICT_ANSI__.#include <fcntl.h>.#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1717
                                                                                                                                                                                                          Entropy (8bit):5.134085097588011
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:GIN024uIvNjYW0Q3VE9/6MLE0Rfn0AzMb:/02E18W0Q3+IclRf0nb
                                                                                                                                                                                                          MD5:D8BDDDB8A0B2E59371CE79EF056873C5
                                                                                                                                                                                                          SHA1:25F481B63F4343DCD56D2F15FE205F16BF008CB1
                                                                                                                                                                                                          SHA-256:518741F286545434DF676572E53BF8553B0496A7138942DC6B20FF252B4293E4
                                                                                                                                                                                                          SHA-512:4E009938EB6499F59022D1C2227A7E10FDE44C1CC4A38DE415B9E2C4E932E302C25845D68C6B2107CC037AB8053FE43350B2312A70130880004881E53EDB8F16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */..#ifndef _SYS_TIME_H_.#define _SYS_TIME_H_..#include <time.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef __STRICT_ANSI__.#ifndef _TIMEVAL_DEFINED /* also in winsock[2].h */.#define _TIMEVAL_DEFINED.struct timeval {. long tv_sec;. long tv_usec;.};.#define timerisset(tvp). ((tvp)->tv_sec || (tvp)->tv_usec).#define timercmp(tvp, uvp, cmp) \. (((tvp)->tv_sec != (uvp)->tv_sec) ? \. ((tvp)->tv_sec cmp (uvp)->tv_sec) : \. ((tvp)->tv_usec cmp (uvp)->tv_usec)).#define timerclear(tvp). (tvp)->tv_sec = (tvp)->tv_usec = 0.#endif /* _TIMEVAL_DEFINED */..#ifndef _TIMEZONE_DEFINED /* also in sys/time.h */.#define _TIMEZONE_DEFINED./* Provided for compatibility with code that assumes that. the presence of gettimeofday function implies a definition. of struct timezone. */.struc
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3429
                                                                                                                                                                                                          Entropy (8bit):5.0927661539295
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:0AqQeDbkF8080FQrkLt17kciYcTh6Wkcakc/Dk3Ih67k3R:0AVebbrShi1THhahrIIYIR
                                                                                                                                                                                                          MD5:0FD455848E3B07648883FF0C890BA3B6
                                                                                                                                                                                                          SHA1:22430C3CA7A2FABF95297BA72CA5FB175E37E996
                                                                                                                                                                                                          SHA-256:524312E3E8A325F7D5AFC21DDB8FCBCEB85D451175E07EF1BEADB7F82FA368B3
                                                                                                                                                                                                          SHA-512:53ADBB9316B7AD49BEF5018E3C32C10272A2D4A5CCF9A91D818D48C94C4DC4650ACC2AD462C2154E010E666B762B0B7F57BAD1A471830A0C5BB7422AFC62F840
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_UTIME.#define _INC_UTIME..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef _WCHAR_T_DEFINED. typedef unsigned short wchar_t;.#define _WCHAR_T_DEFINED.#endif..#ifndef __TINYC__ /* gr */.#ifdef _USE_32BIT_TIME_T.#ifdef _WIN64.#undef _USE_32BIT_TIME_T.#endif.#else.#if _INTEGRAL_MAX_BITS < 64.#define _USE_32BIT_TIME_T.#endif.#endif.#endif..#ifndef _TIME32_T_DEFINED.#define _TIME32_T_DEFINED. typedef long __time32_t;.#endif..#ifndef _TIME64_T_DEFINED.#define _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64. typedef __int64 __time64_t;.#endif.#endif..#ifndef _TIME_T_DEFINED.#define _TIME_T_DEFIN
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6881
                                                                                                                                                                                                          Entropy (8bit):5.0578662257513605
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:1Roa8xTSS9V89V0B9V69VP9VCJQI99wMupDGi+dpq+p:UdTSE44GPkfyDGi+Lq+p
                                                                                                                                                                                                          MD5:C03D618D6697B5E3992FEEA86A9C4CB8
                                                                                                                                                                                                          SHA1:4536CCD81AAEF11CF7480649B8B99836C8B32291
                                                                                                                                                                                                          SHA-256:4DC126AB4B3177DA85E40ED56A7D4516105E436A4624272992816B23E03915B5
                                                                                                                                                                                                          SHA-512:236235AA9B16B4CEB82C05BF526ECA702CB7D8C542F88D0BDB2416AC3BE8214688E6BA47BD253AAA877E173197035FD1EA7BF88AAE6C72C907E898182A5593C0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_STAT.#define _INC_STAT..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#include <_mingw.h>.#include <io.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#include <sys/types.h>..#ifndef __TINYC__ /* gr */.#ifdef _USE_32BIT_TIME_T.#ifdef _WIN64.#undef _USE_32BIT_TIME_T.#endif.#else.#if _INTEGRAL_MAX_BITS < 64.#define _USE_32BIT_TIME_T.#endif.#endif.#endif..#ifndef _TIME32_T_DEFINED. typedef long __time32_t;.#define _TIME32_T_DEFINED.#endif..#ifndef _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64. typedef __int64 __time64_t;.#endif.#define _TIME64_T_DEFINED.#endif..#ifndef _TIME_T_DEFINED.#ifdef _USE_32BIT_TIME_T. typedef __time32_t time_t;.#else. typedef __tim
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1717
                                                                                                                                                                                                          Entropy (8bit):5.134085097588011
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:GIN024uIvNjYW0Q3VE9/6MLE0Rfn0AzMb:/02E18W0Q3+IclRf0nb
                                                                                                                                                                                                          MD5:D8BDDDB8A0B2E59371CE79EF056873C5
                                                                                                                                                                                                          SHA1:25F481B63F4343DCD56D2F15FE205F16BF008CB1
                                                                                                                                                                                                          SHA-256:518741F286545434DF676572E53BF8553B0496A7138942DC6B20FF252B4293E4
                                                                                                                                                                                                          SHA-512:4E009938EB6499F59022D1C2227A7E10FDE44C1CC4A38DE415B9E2C4E932E302C25845D68C6B2107CC037AB8053FE43350B2312A70130880004881E53EDB8F16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */..#ifndef _SYS_TIME_H_.#define _SYS_TIME_H_..#include <time.h>..#ifdef __cplusplus.extern "C" {.#endif..#ifndef __STRICT_ANSI__.#ifndef _TIMEVAL_DEFINED /* also in winsock[2].h */.#define _TIMEVAL_DEFINED.struct timeval {. long tv_sec;. long tv_usec;.};.#define timerisset(tvp). ((tvp)->tv_sec || (tvp)->tv_usec).#define timercmp(tvp, uvp, cmp) \. (((tvp)->tv_sec != (uvp)->tv_sec) ? \. ((tvp)->tv_sec cmp (uvp)->tv_sec) : \. ((tvp)->tv_usec cmp (uvp)->tv_usec)).#define timerclear(tvp). (tvp)->tv_sec = (tvp)->tv_usec = 0.#endif /* _TIMEVAL_DEFINED */..#ifndef _TIMEZONE_DEFINED /* also in sys/time.h */.#define _TIMEZONE_DEFINED./* Provided for compatibility with code that assumes that. the presence of gettimeofday function implies a definition. of struct timezone. */.struc
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2445
                                                                                                                                                                                                          Entropy (8bit):5.105161608995923
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:GicuvBGmZ86+8nEGLEGzhlEG5/+Okvk4QEa2Mqh6CJ:srmZca/L/zf/5/AvkpExMqh6CJ
                                                                                                                                                                                                          MD5:19E8A20458A7627517AD83C0BE798773
                                                                                                                                                                                                          SHA1:FB12989D8B6B899F89F10E39559A46D79ADDEC65
                                                                                                                                                                                                          SHA-256:EF43F9F51660AB8282707F7169CC3D977878E623743D23EC565663FE2B4E9782
                                                                                                                                                                                                          SHA-512:4C21638910D0C87097E2FFC7B28B1011601E7B187297F9B9C2C3DB52596F84A0CFE089EF172A0DCDA0DCBE0B5B5DC94F36401A233CF7B903520C98B826A769DD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _TIMEB_H_.#define _TIMEB_H_..#include <_mingw.h>..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef __TINYC__ /* gr */.#ifdef _USE_32BIT_TIME_T.#ifdef _WIN64.#undef _USE_32BIT_TIME_T.#endif.#else.#if _INTEGRAL_MAX_BITS < 64.#define _USE_32BIT_TIME_T.#endif.#endif.#endif..#ifndef _TIME32_T_DEFINED. typedef long __time32_t;.#define _TIME32_T_DEFINED.#endif..#ifndef _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64. typedef __int64 __time64_t;.#endif.#define _TIME64_T_DEFINED.#endif..#ifndef _TIME_T_DEFINED.#ifdef _USE_32BIT_TIME_T. typedef __time32_t time_t;.#else. typedef __time64_t time_t;.#endif.#define _TIME_T_DEF
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2128
                                                                                                                                                                                                          Entropy (8bit):5.025170221794001
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:G/uvbKQUIpV0OC1I/bFHb3wHbdyOkvk4QEa2K:WMKQ7V0/SFHDwHxkvkpExK
                                                                                                                                                                                                          MD5:C8F3B2F1FCF386398B5F130F0599A72E
                                                                                                                                                                                                          SHA1:242163A76E04F20CE4B3D5D0A959D66B978F43AD
                                                                                                                                                                                                          SHA-256:F1C3F9E5C811A63BEBAE5229042C09CB5E057F4117FD31B45AACBB4C3A626DF8
                                                                                                                                                                                                          SHA-512:3239360E2F810EBBB853581E01657A69BA9A56F6BBB29288011D6F842CE2C405D27A7D818C5E4809AE053481723DFA7DC37E4778EDFE6B6392884EB32804AA03
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_TYPES.#define _INC_TYPES..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#include <_mingw.h>..#ifndef __TINYC__ /* gr */.#ifdef _USE_32BIT_TIME_T.#ifdef _WIN64.#undef _USE_32BIT_TIME_T.#endif.#else.#if _INTEGRAL_MAX_BITS < 64.#define _USE_32BIT_TIME_T.#endif.#endif.#endif..#ifndef _TIME32_T_DEFINED.#define _TIME32_T_DEFINED.typedef long __time32_t;.#endif..#ifndef _TIME64_T_DEFINED.#define _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64.typedef __int64 __time64_t;.#endif.#endif..#ifndef _TIME_T_DEFINED.#define _TIME_T_DEFINED.#ifdef _USE_32BIT_TIME_T.typedef __time32_t time_t;.#else.typedef __time64_t time_t;.#endif.#endif..#ifndef _INO_T_DEFINED.#define _INO_T_DEFINED.typedef unsigned short _ino_t;.#ifndef.NO_OLDNAMES.typedef unsigned short ino_t;.#
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):351
                                                                                                                                                                                                          Entropy (8bit):4.8356374612162245
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r7SFlLClXF1y19q/MqL9FPKvbf1CAARc:UJJISFcShcFP+4B7SFRClV1yoxFyvxCU
                                                                                                                                                                                                          MD5:244C135562D0B700D037299E0052A855
                                                                                                                                                                                                          SHA1:59F8A3B33C5CC8BBF95E4B57300628E7599DF682
                                                                                                                                                                                                          SHA-256:1F595A85CAEEEF7385A0BDA94AF51896B214EE26056484AF50353E9393DE1929
                                                                                                                                                                                                          SHA-512:1F5DEF177331B0E4DD86B5FC38FC9CF4F679BCA644C26C993D2A911DCF39DB452D084BF29D76430F5704E218CBCCD86D68F11D38C07B93A818EE446BA249EB53
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */./*. * This file is part of the Mingw32 package.. *. * unistd.h maps (roughly) to io.h. */.#ifndef __STRICT_ANSI__.#include <io.h>.#endif..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3429
                                                                                                                                                                                                          Entropy (8bit):5.0927661539295
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:0AqQeDbkF8080FQrkLt17kciYcTh6Wkcakc/Dk3Ih67k3R:0AVebbrShi1THhahrIIYIR
                                                                                                                                                                                                          MD5:0FD455848E3B07648883FF0C890BA3B6
                                                                                                                                                                                                          SHA1:22430C3CA7A2FABF95297BA72CA5FB175E37E996
                                                                                                                                                                                                          SHA-256:524312E3E8A325F7D5AFC21DDB8FCBCEB85D451175E07EF1BEADB7F82FA368B3
                                                                                                                                                                                                          SHA-512:53ADBB9316B7AD49BEF5018E3C32C10272A2D4A5CCF9A91D818D48C94C4DC4650ACC2AD462C2154E010E666B762B0B7F57BAD1A471830A0C5BB7422AFC62F840
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_UTIME.#define _INC_UTIME..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef _WCHAR_T_DEFINED. typedef unsigned short wchar_t;.#define _WCHAR_T_DEFINED.#endif..#ifndef __TINYC__ /* gr */.#ifdef _USE_32BIT_TIME_T.#ifdef _WIN64.#undef _USE_32BIT_TIME_T.#endif.#else.#if _INTEGRAL_MAX_BITS < 64.#define _USE_32BIT_TIME_T.#endif.#endif.#endif..#ifndef _TIME32_T_DEFINED.#define _TIME32_T_DEFINED. typedef long __time32_t;.#endif..#ifndef _TIME64_T_DEFINED.#define _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64. typedef __int64 __time64_t;.#endif.#endif..#ifndef _TIME_T_DEFINED.#define _TIME_T_DEFIN
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, Unicode text, UTF-8 text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5780
                                                                                                                                                                                                          Entropy (8bit):5.046971371476785
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:jlnbfJdTPPut0CQHXOiNZIZvYx6G5Pcz3mZqZ9VZ59uxS34n3C3:NfJdSbQHXVNiVYx6G5Y3UO9VFuxS34A
                                                                                                                                                                                                          MD5:7166D4B47303E4DC38EBEAE8B204075F
                                                                                                                                                                                                          SHA1:FA0341B00479D682C8A398E8EC1C6D4D7FC2D05A
                                                                                                                                                                                                          SHA-256:758E0585EDFBCE44BF27E0BB44D9B22AF53B86C9C265E4303DF9B270194ED4FF
                                                                                                                                                                                                          SHA-512:4A4DF260266B6F17DA29E71254969DBE377CC11BADE3513BAB1F3B767CE049C9BBE1B0656263763BFB5D10C9D325B425364F000BAA4342572556716B857E796D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#ifndef _TCC_LIBM_H_.#define _TCC_LIBM_H_..#include "../math.h"../* TCC uses 8 bytes for double and long double, so effectively the l variants. * are never used. For now, they just run the normal (double) variant.. */../*. * most of the code in this file is taken from MUSL rs-1.0 (MIT license). * - musl-libc: http://git.musl-libc.org/cgit/musl/tree/src/math?h=rs-1.0. * - License: http://git.musl-libc.org/cgit/musl/tree/COPYRIGHT?h=rs-1.0. */../*******************************************************************************. Start of code based on MUSL.*******************************************************************************/./*.musl as a whole is licensed under the following standard MIT license:..----------------------------------------------------------------------.Copyright . 2005-2014 Rich Felker, et al...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10222
                                                                                                                                                                                                          Entropy (8bit):5.118611530215232
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:cwxjJoLCBGnjq/Kn4aq3qvsbLJKr7nnJik1gngZxl9e7PpTGO+HT7R8AitqazIh5:cwzbLJyLnJ6O8PpTGOEiNzIhIbIXP3JF
                                                                                                                                                                                                          MD5:ACE688BCE0201B3B8BC3B7AF3CEC1BA7
                                                                                                                                                                                                          SHA1:7B967DE03772076207537292C4163994D4EAD095
                                                                                                                                                                                                          SHA-256:FACA8509C87FAE987A5E98CDC95171E036895037427D12930E2A83092D23FBB5
                                                                                                                                                                                                          SHA-512:A83753F6A1B82BCDFCF0B948C93F2E09A0A13105A112C161ABAD6DE84162DA67600CF5458FF51264DDC462077033DE3C8496E7B2251831871005D747AE58A24A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/* tccdefs.h.... Nothing is defined before this file except target machine, target os.. and the few things related to option settings in tccpp.c:tcc_predefs()..... This file is either included at runtime as is, or converted and.. included as C-strings at compile-time (depending on CONFIG_TCC_PREDEFS)..... Note that line indent matters:.... - in lines starting at column 1, platform macros are replaced by.. corresponding TCC target compile-time macros. See conftest.c for.. the list of platform macros supported in lines starting at column 1..... - only lines indented >= 4 are actually included into the executable,.. check tccdefs_.h...*/....#if __SIZEOF_POINTER__ == 4.. /* 32bit systems. */..#if defined TARGETOS_OpenBSD.. #define __SIZE_TYPE__ unsigned long.. #define __PTRDIFF_TYPE__ long..#else.. #define __SIZE_TYPE__ unsigned int.. #define __PTRDIFF_TYPE__ int..#endif.. #define __ILP32__ 1.. #define __INT64_TYPE__ long long..#el
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):31364
                                                                                                                                                                                                          Entropy (8bit):4.752286291497649
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#include <_mingw.h>..#ifndef _INC_TCHAR.#define _INC_TCHAR..#ifdef _STRSAFE_H_INCLUDED_.#error Need to include strsafe.h after tchar.h.#endif..#ifdef __cplusplus.extern "C" {.#endif..#define _ftcscat _tcscat.#define _ftcschr _tcschr.#define _ftcscpy _tcscpy.#define _ftcscspn _tcscspn.#define _ftcslen _tcslen.#define _ftcsncat _tcsncat.#define _ftcsncpy _tcsncpy.#define _ftcspbrk _tcspbrk.#define _ftcsrchr _tcsrchr.#define _ftcsspn _tcsspn.#define _ftcsstr _tcsstr.#define _ftcstok _tcstok..#define _ftcsdup _tcsdup.#define _ftcsnset _tcsnset.#define _ftcsrev _tcsrev.#define _ftcsset _tcsset..#define _ftcscmp _tcscmp.#define _ftcsicmp _tcsicmp.#define _ftcsnccmp _tcsnccmp.#define _ftcsncmp _tcsncmp.#define _ftcsncicmp _tcsncicmp.#define _ftcsnicmp _tcsnicmp..#define _ftcscoll _tc
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8405
                                                                                                                                                                                                          Entropy (8bit):5.100723832842219
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _TIME_H_.#define _TIME_H_..#include <_mingw.h>..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef _WCHAR_T_DEFINED.#define _WCHAR_T_DEFINED. typedef unsigned short wchar_t;.#endif..#ifndef _TIME32_T_DEFINED.#define _TIME32_T_DEFINED. typedef long __time32_t;.#endif..#ifndef _TIME64_T_DEFINED.#define _TIME64_T_DEFINED.#if _INTEGRAL_MAX_BITS >= 64.#if defined(__GNUC__) && defined(__STRICT_ANSI__). typedef int _time64_t __attribute__ ((mode (DI)));.#else. typedef __int64 __time64_t;.#endif.#endif.#endif..#ifndef _TIME_T_DEFINED.#define _TIME_T_DEFINED.#ifdef _USE_32BIT_TIME_T. typedef __time32_t time_t;.#else. typ
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):304
                                                                                                                                                                                                          Entropy (8bit):4.976431807239841
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_VADEFS.#define _INC_VADEFS..//!__TINYC__: GNUC specific stuff removed..#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):126
                                                                                                                                                                                                          Entropy (8bit):4.580595223579644
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*. * TODO: Nothing here yet. Should provide UNIX compatibility constants. * comparable to those in limits.h and float.h.. */.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):355
                                                                                                                                                                                                          Entropy (8bit):4.9174278150037285
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _VARARGS_H.#define _VARARGS_H..#error "TinyCC no longer implements <varargs.h>.".#error "Revise your code to use <stdarg.h>."..#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):34132
                                                                                                                                                                                                          Entropy (8bit):5.065285191271868
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_WCHAR.#define _INC_WCHAR..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WCHAR_MIN /* also at stdint.h */.#define WCHAR_MIN 0.#define WCHAR_MAX ((wchar_t) -1) /* UINT16_MAX */.#endif..#ifndef __GNUC_VA_LIST.#define __GNUC_VA_LIST. typedef __builtin_va_list __gnuc_va_list;.#endif..#ifndef _VA_LIST_DEFINED.#define _VA_LIST_DEFINED. typedef __gnuc_va_list va_list;.#endif..#ifndef WEOF.#define WEOF (wint_t)(0xFFFF).#endif..#ifndef _FILE_DEFINED. struct _iobuf {. char *_ptr;. int _cnt;. char *_base;. int _flag;. int _file;. int _charbuf;. int _bufsiz;. char *_tmpfname;. };. typedef struct _iobuf FILE;.#define _FILE_DEFINED.#endif..#ifndef _STDIO_DEFINED.#ifdef _WIN64. _CRTIMP FILE *__
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4782
                                                                                                                                                                                                          Entropy (8bit):5.146949090032166
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _INC_WCTYPE.#define _INC_WCTYPE..#ifndef _WIN32.#error Only Win32 target is supported!.#endif..#include <_mingw.h>..#pragma pack(push,_CRT_PACKING)..#ifdef __cplusplus.extern "C" {.#endif..#ifndef _CRTIMP.#define _CRTIMP __declspec(dllimport).#endif..#ifndef _WCHAR_T_DEFINED. typedef unsigned short wchar_t;.#define _WCHAR_T_DEFINED.#endif..#ifndef _WCTYPE_T_DEFINED. typedef unsigned short wint_t;. typedef unsigned short wctype_t;.#define _WCTYPE_T_DEFINED.#endif..#ifndef WEOF.#define WEOF (wint_t)(0xFFFF).#endif..#ifndef _CRT_CTYPEDATA_DEFINED.#define _CRT_CTYPEDATA_DEFINED.#ifndef _CTYPE_DISABLE_MACROS..#ifndef __PCTYPE_FUNC.#define __PCTYPE_FUNC __pctype_func().#ifdef _MSVCRT_.#define __pctype_func() (_pctype).#else.#define __pctype_func() (*_imp___pctype).#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5614
                                                                                                                                                                                                          Entropy (8bit):5.234194137175846
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _BASETSD_H_.#define _BASETSD_H_..#if (defined(__x86_64) || defined(__ia64__)) && !defined(RC_INVOKED).typedef unsigned __int64 POINTER_64_INT;.#else.typedef unsigned long POINTER_64_INT;.#endif..#define POINTER_32.#define POINTER_64.#define FIRMWARE_PTR..#ifdef __cplusplus.extern "C" {.#endif.. typedef signed char INT8,*PINT8;. typedef signed short INT16,*PINT16;. typedef signed int INT32,*PINT32;. typedef signed __int64 INT64,*PINT64;. typedef unsigned char UINT8,*PUINT8;. typedef unsigned short UINT16,*PUINT16;. typedef unsigned int UINT32,*PUINT32;. typedef unsigned __int64 UINT64,*PUINT64;. typedef signed int LONG32,*PLONG32;. typedef unsigned int ULONG32,*PULONG32;. typedef unsigned int DWORD32,*PDWORD32;..#ifndef _W64.#define _W64.#endif..#ifdef _WIN64
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2413
                                                                                                                                                                                                          Entropy (8bit):5.267985342570529
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:G+qAaBjES2EZs96PiYkAahW4h+gt/04hOgldUOkke:TqAuEThH3Vy
                                                                                                                                                                                                          MD5:09DFC50C697476FDC240969717C514CE
                                                                                                                                                                                                          SHA1:C9D444C897A96A4B475379C7C6B826FDF2DFF2E5
                                                                                                                                                                                                          SHA-256:34842EE3389CB13A72A2B87EC930AADBFFCE8906EB31480180CFF541C7F44134
                                                                                                                                                                                                          SHA-512:DE3E258D4DF8E046A131110FADAC12572CA14A7359F1C44C41DEBC7E8F1424A93BEC6300E3CA21BEEB55FF4B3AB572F0B3059D9399C89CFF27D154DCC90238F7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !defined(_BASETYPS_H_).#define _BASETYPS_H_..#ifdef __cplusplus.#define EXTERN_C extern "C".#else.#define EXTERN_C extern.#endif..#define STDMETHODCALLTYPE WINAPI.#define STDMETHODVCALLTYPE __cdecl..#define STDAPICALLTYPE WINAPI.#define STDAPIVCALLTYPE __cdecl..#define STDAPI EXTERN_C HRESULT WINAPI.#define STDAPI_(type) EXTERN_C type WINAPI..#define STDMETHODIMP HRESULT WINAPI.#define STDMETHODIMP_(type) type WINAPI..#define STDAPIV EXTERN_C HRESULT STDAPIVCALLTYPE.#define STDAPIV_(type) EXTERN_C type STDAPIVCALLTYPE..#define STDMETHODIMPV HRESULT STDMETHODVCALLTYPE.#define STDMETHODIMPV_(type) type STDMETHODVCALLTYPE..#if defined(__cplusplus) && !defined(CINTERFACE)..#define __STRUCT__ struct.#define STDMETHOD(method) virtual HRESULT WINAPI method.#define STDMETHOD_(type
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4165
                                                                                                                                                                                                          Entropy (8bit):5.37405161812663
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:lVeZAP1SQySDz25/rPjEgE+2VPYFjrQUnL:lVe01S9kNcH
                                                                                                                                                                                                          MD5:D65FFFB282C1F60CCBFC4DCF1410BE1F
                                                                                                                                                                                                          SHA1:2BE8BADB6C6FB0DB0B023BFBC7B6842E0AB73A8F
                                                                                                                                                                                                          SHA-256:7DB1B1FE46513F578A3C777C3CE300D8403D31FBFB6D00EACFF93286D2ED1293
                                                                                                                                                                                                          SHA-512:E7F9554980671DCB14C62FF462AE34961C01E0DD1AFA9F8E010370B0941E22BA619ABEA98DCE090762888A1E485586BAAA0917167FF6373C8309374EBCE8054F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef GUID_DEFINED.#define GUID_DEFINED.typedef struct _GUID {. unsigned long Data1;. unsigned short Data2;. unsigned short Data3;. unsigned char Data4[8 ];.} GUID;.#endif..#ifndef UUID_DEFINED.#define UUID_DEFINED.typedef GUID UUID;.#endif..#ifndef FAR.#define FAR.#endif..#ifndef DECLSPEC_SELECTANY.#define DECLSPEC_SELECTANY __declspec(selectany).#endif..#ifndef EXTERN_C.#ifdef __cplusplus.#define EXTERN_C extern "C".#else.#define EXTERN_C extern.#endif.#endif..#ifdef DEFINE_GUID.#undef DEFINE_GUID.#endif..#ifdef INITGUID.#ifdef __cplusplus.#define DEFINE_GUID(name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) EXTERN_C const GUID DECLSPEC_SELECTANY name = { l,w1,w2,{ b1,b2,b3,b4,b5,b6,b7,b8 } }.#else.#define DEFINE_GUID(name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) const GUID DECLSPEC_SELEC
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):179678
                                                                                                                                                                                                          Entropy (8bit):5.448601521160739
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:jgie2EUSlwrMbtENbSJGDN4tSUez2pUQkR:jgie7wrMSSJGDfUe++
                                                                                                                                                                                                          MD5:3243B7C1189CC2C02075C2B175592EA9
                                                                                                                                                                                                          SHA1:B520F45E195A50AB00ACC161EFEC7E6620E652AF
                                                                                                                                                                                                          SHA-256:4356BFCDF5209C4EC58DE486E2173CE4B17E0CE75A422B226FDDDD18597C9905
                                                                                                                                                                                                          SHA-512:CDAA9D91F80127028DC877924D2E41B4EF55714485536C4B64955195C94E8EBFBECF9A0D7545DF535CBF4C1977CA53C14379B96ABCEBF7AEC461BCBB87EF040E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINUSER_.#define _WINUSER_..#define WINUSERAPI DECLSPEC_IMPORT..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#include <stdarg.h>..#ifndef NOUSER. typedef HANDLE HDWP;. typedef VOID MENUTEMPLATEA;. typedef VOID MENUTEMPLATEW;. typedef PVOID LPMENUTEMPLATEA;. typedef PVOID LPMENUTEMPLATEW;..#ifdef UNICODE. typedef MENUTEMPLATEW MENUTEMPLATE;. typedef LPMENUTEMPLATEW LPMENUTEMPLATE;.#else. typedef MENUTEMPLATEA MENUTEMPLATE;. typedef LPMENUTEMPLATEA LPMENUTEMPLATE;.#endif.. typedef LRESULT (CALLBACK *WNDPROC)(HWND,UINT,WPARAM,LPARAM);. typedef INT_PTR (CALLBACK *DLGPROC)(HWND,UINT,WPARAM,LPARAM);. typedef VOID (CALLBACK *TIMERPROC)(HWND,UINT,UINT_PTR,DWORD);. typedef WINBOOL (CALLBACK *GRAYSTRINGPROC)(HDC,LPARAM,int);.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):121301
                                                                                                                                                                                                          Entropy (8bit):5.419416589760816
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:mmN0oz+ODr15Ye92/rvZVXkRs4pItxtv7OosWBkEwJaYygZtk+tUtwtmtDlwsigp:nuPn7z57mW7T1QFYLCOdKSbuo8Sl
                                                                                                                                                                                                          MD5:FD80383F6F92379E074379BA54D68BDC
                                                                                                                                                                                                          SHA1:0A4D4926DF853E126FCC52150C84822AF1EF8035
                                                                                                                                                                                                          SHA-256:DF5937AC1805B27ABBA03277D2C34CAEE8CB4387EDB894ADCD73E6172A9FBD94
                                                                                                                                                                                                          SHA-512:4ED6C5508C77A8A3272835C6AE1323514E42D015F3CB53168382FFD78FB1A73D806AF5421378D1430ED344BA1200E3006D5AAF4150E925C1F2267A8D637A50A4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINGDI_.#define _WINGDI_..#define WINGDIAPI DECLSPEC_IMPORT.#define WINSPOOLAPI DECLSPEC_IMPORT..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#ifndef NOGDI.#ifndef NORASTEROPS.#define R2_BLACK 1.#define R2_NOTMERGEPEN 2.#define R2_MASKNOTPEN 3.#define R2_NOTCOPYPEN 4.#define R2_MASKPENNOT 5.#define R2_NOT 6.#define R2_XORPEN 7.#define R2_NOTMASKPEN 8.#define R2_MASKPEN 9.#define R2_NOTXORPEN 10.#define R2_NOP 11.#define R2_MERGENOTPEN 12.#define R2_COPYPEN 13.#define R2_MERGEPENNOT 14.#define R2_MERGEPEN 15.#define R2_WHITE 16.#define R2_LAST 16..#define SRCCOPY (DWORD)0x00CC0020.#define SRCPAINT (DWORD)0x00EE0086.#define SRCAND (DWORD)0x008800C6.#define SRCINVERT (DWORD)0x00660046.#define SRCERASE (DWORD)0x00440328.#define NOTS
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5674
                                                                                                                                                                                                          Entropy (8bit):5.253868357743171
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:l4nmx67GjIz13BkHelji9aF7e4KmCtnLK0kO5Ol60V:4mxbjYkHi+IM4OAO5gv
                                                                                                                                                                                                          MD5:4149CF07A0FCB5FAFAB7F58BCC951D8C
                                                                                                                                                                                                          SHA1:DBF6F1002B67DA30CE63BE5D41E0EAA76263AC9F
                                                                                                                                                                                                          SHA-256:137E9A43A136E4AE19B3A4C844023C6A1611B23685000364F6BE3143DB1A4C75
                                                                                                                                                                                                          SHA-512:1BC969D3700C3BEB6416EED13942142315EFEE5F929C55F539E11FB9196C8865CA05BE0A39094C6E7457B671BA33299D3861AEC6161DD0429E8A375F378659A9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINDEF_.#define _WINDEF_..#ifndef STRICT.#define STRICT 1.#endif..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#ifndef BASETYPES.#define BASETYPES. typedef unsigned long ULONG;. typedef ULONG *PULONG;. typedef unsigned short USHORT;. typedef USHORT *PUSHORT;. typedef unsigned char UCHAR;. typedef UCHAR *PUCHAR;. typedef char *PSZ;.#endif..#define MAX_PATH 260..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#ifndef FALSE.#define FALSE 0.#endif..#ifndef TRUE.#define TRUE 1.#endif..#ifndef IN.#define IN.#endif..#ifndef OUT.#define OUT.#endif..#ifndef OPTIONAL.#define OPTIONAL.#endif..#undef far.#undef near.#undef pascal..#define far.#define near.#define pascal __stdcall..#define
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14473
                                                                                                                                                                                                          Entropy (8bit):5.318184429302839
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:T3LK2osQDITqQWDVvRwPhOotRrwAIPmNLd1mBTVuRthEVPQKyybPki7wanag+4+M:lcio4tzIuhEVPQKyybrwan1+4+M
                                                                                                                                                                                                          MD5:A7EAC92053E54E029DC3B8356A49DF4A
                                                                                                                                                                                                          SHA1:475DF5425A60973CA79C1B0D5FA05DFD59E99E6A
                                                                                                                                                                                                          SHA-256:C965B8839E100E9AACAD333B373218F962A15840583231F968076441E781538B
                                                                                                                                                                                                          SHA-512:1A1F5032E2BA7A837FB043FC7B3DC15796B27FA481B2D8593F8012D503D1AAB5C82AB54404898FED81418FFC3B64712476DBC89ACAF92AACAC051FF40DD3F7CD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINCON_.#define _WINCON_..#ifdef __cplusplus.extern "C" {.#endif.. typedef struct _COORD {. SHORT X;. SHORT Y;. } COORD,*PCOORD;.. typedef struct _SMALL_RECT {. SHORT Left;. SHORT Top;. SHORT Right;. SHORT Bottom;. } SMALL_RECT,*PSMALL_RECT;.. typedef struct _KEY_EVENT_RECORD {. WINBOOL bKeyDown;. WORD wRepeatCount;. WORD wVirtualKeyCode;. WORD wVirtualScanCode;. union {. WCHAR UnicodeChar;. CHAR AsciiChar;. } uChar;. DWORD dwControlKeyState;. } KEY_EVENT_RECORD,*PKEY_EVENT_RECORD;..#define RIGHT_ALT_PRESSED 0x1.#define LEFT_ALT_PRESSED 0x2.#define RIGHT_CTRL_PRESSED 0x4.#define LEFT_CTRL_PRESSED 0x8.#define SHIFT_PRESSED 0x10.#define NUMLOCK_ON 0x20.#define SCROLLLOCK_ON 0x40.#define CAPSLOCK_ON 0x80.#define ENHA
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with very long lines (302)
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13963
                                                                                                                                                                                                          Entropy (8bit):5.433606364599901
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:CVb+C+ikI8n1W8l12X3ufMfkebe+XxeceAUgnhicr7Df0ff8uc/1uA1uFZNz6deF:q+C3kI8n1W8l14VzPBAf
                                                                                                                                                                                                          MD5:0F0E5CB60E379839AC67467A6FD5280F
                                                                                                                                                                                                          SHA1:0783BEC9C6F621AEDD45D2F1010740D9A6152B0A
                                                                                                                                                                                                          SHA-256:6DBB969DC21E90D9044DABCD190268C1BB33E445862CE2A4A536E9A7134FA4EB
                                                                                                                                                                                                          SHA-512:06C87AE227BF6D9C00E8404C728CC77DE9840237647605AABF197A85131E4835FF6EE96D7BEE24FD7B423C86F64D673669D2D2E8061F03473B2B0A1E10DD8BCA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINREG_.#define _WINREG_..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#define RRF_RT_REG_NONE 0x00000001.#define RRF_RT_REG_SZ 0x00000002.#define RRF_RT_REG_EXPAND_SZ 0x00000004.#define RRF_RT_REG_BINARY 0x00000008.#define RRF_RT_REG_DWORD 0x00000010.#define RRF_RT_REG_MULTI_SZ 0x00000020.#define RRF_RT_REG_QWORD 0x00000040..#define RRF_RT_DWORD (RRF_RT_REG_BINARY | RRF_RT_REG_DWORD).#define RRF_RT_QWORD (RRF_RT_REG_BINARY | RRF_RT_REG_QWORD).#define RRF_RT_ANY 0x0000ffff..#define RRF_NOEXPAND 0x10000000.#define RRF_ZEROONFAILURE 0x20000000.. typedef ACCESS_MASK REGSAM;..#define HKEY_CLASSES_ROOT ((HKEY) (ULONG_PTR)((LONG)0x80000000)).#define HKEY_CURRENT_USER ((HKEY) (ULONG_PTR)((LONG)0x80000001)).#define HKEY_LOCAL_MACHINE (
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5614
                                                                                                                                                                                                          Entropy (8bit):5.234194137175846
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:xOYJhN+GRWlYdGmc0/5ZLURGFVwae+NmZLaVkGMGMRRMhHmdd7sAKGU1LRlw+4i7:xO8hIGRWl6Gmc0hw8Vre+NmcVk5rSHIQ
                                                                                                                                                                                                          MD5:4BF8483CA6A55237B88B3FB04917C9B4
                                                                                                                                                                                                          SHA1:1D5A57A8AF15FF88521335970F6C547EB2BDA403
                                                                                                                                                                                                          SHA-256:5C9CBAA16ABF57400ED31B49AAB7EE015788DBE7D3B58F3D53C86DB3807DD6F0
                                                                                                                                                                                                          SHA-512:7C4E012EF32A9529A0FA648320796D2ABB287C3C37F22D2CFEFE62FD0851CF68B5D373316AD70B51D09F0D0F1F48843A5D6E430C12367B5363648EEFF1160466
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _BASETSD_H_.#define _BASETSD_H_..#if (defined(__x86_64) || defined(__ia64__)) && !defined(RC_INVOKED).typedef unsigned __int64 POINTER_64_INT;.#else.typedef unsigned long POINTER_64_INT;.#endif..#define POINTER_32.#define POINTER_64.#define FIRMWARE_PTR..#ifdef __cplusplus.extern "C" {.#endif.. typedef signed char INT8,*PINT8;. typedef signed short INT16,*PINT16;. typedef signed int INT32,*PINT32;. typedef signed __int64 INT64,*PINT64;. typedef unsigned char UINT8,*PUINT8;. typedef unsigned short UINT16,*PUINT16;. typedef unsigned int UINT32,*PUINT32;. typedef unsigned __int64 UINT64,*PUINT64;. typedef signed int LONG32,*PLONG32;. typedef unsigned int ULONG32,*PULONG32;. typedef unsigned int DWORD32,*PDWORD32;..#ifndef _W64.#define _W64.#endif..#ifdef _WIN64
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):159607
                                                                                                                                                                                                          Entropy (8bit):5.448523174174419
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:p8iWoUKAVEvTQ/BUNRB+NNKjxyfmTcFqTPj:p8iWoUKAVEvTQmcFqTPj
                                                                                                                                                                                                          MD5:18908ACE3445091E5966CC99F9D4B5B9
                                                                                                                                                                                                          SHA1:130D1CFA2D8A8A17FA2AFA4DDF4FE3DFBA4542D5
                                                                                                                                                                                                          SHA-256:47EFFBA4D4BB7DFBE373F1156285A170042FE1A3552BCBBEE460E5DB68E1FF2D
                                                                                                                                                                                                          SHA-512:0E63D752B56051057C4E553307A708C2359EAC58EA96EA0077931642482EB8B6E0B28984A278663D85C6B1739564CAB6FFED3D9582306473841A355BD0CBEE61
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINBASE_.#define _WINBASE_..#define WINADVAPI DECLSPEC_IMPORT.#define WINBASEAPI DECLSPEC_IMPORT.#define ZAWPROXYAPI DECLSPEC_IMPORT..#ifdef __cplusplus.extern "C" {.#endif..#define DefineHandleTable(w) ((w),TRUE).#define LimitEmsPages(dw).#define SetSwapAreaSize(w) (w).#define LockSegment(w) GlobalFix((HANDLE)(w)).#define UnlockSegment(w) GlobalUnfix((HANDLE)(w)).#define GetCurrentTime() GetTickCount()..#define Yield()..#define INVALID_HANDLE_VALUE ((HANDLE)(LONG_PTR)-1).#define INVALID_FILE_SIZE ((DWORD)0xffffffff).#define INVALID_SET_FILE_POINTER ((DWORD)-1).#define INVALID_FILE_ATTRIBUTES ((DWORD)-1)..#define FILE_BEGIN 0.#define FILE_CURRENT 1.#define FILE_END 2..#define TIME_ZONE_ID_INVALID ((DWORD)0xffffffff)..#define WAIT_FAILED ((DWORD)0xffffffff).#define WAI
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):285
                                                                                                                                                                                                          Entropy (8bit):4.939467489498393
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cG3O2:UJJISFcShcFP+4BnWKi3O2
                                                                                                                                                                                                          MD5:F7CE406B57AF97C8BA95EEB9D7840C1D
                                                                                                                                                                                                          SHA1:ED211A37E0EFCA13A0146F9FE775875D32DB3496
                                                                                                                                                                                                          SHA-256:8EB67DD233D5A387D6DC1814CB6EB6C6DE9A123438FAEFCA7B442691CAF23049
                                                                                                                                                                                                          SHA-512:B7EE10FBFE60F4F6E998D48D88C36095DFA70524B9E24A6E3BDD6C0A62FBFCD66725E28F227DA1469448C909D08DC57ADD7484D7FEECA35B2FF3A4F526756256
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,1).#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):193650
                                                                                                                                                                                                          Entropy (8bit):5.442692211038205
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:mgqyl7JPZPZWFLvC3b+tc55bLqkI66qJ+bOaCIzxlWLp9EhxveAMimiAg9+38w8l:FvgTAw+39O8+NQkK9t/k7IM
                                                                                                                                                                                                          MD5:39AB9E1D4A6B6871FC59D837A1910566
                                                                                                                                                                                                          SHA1:CEA4A15910A1DC02AF23A06ACE7B8B7BD6E1001D
                                                                                                                                                                                                          SHA-256:0881DEBBBD1879A08341E395FA1DCED6A7B1007A80A9C6ECC831A7800C90CA02
                                                                                                                                                                                                          SHA-512:652B8695DBBF04C76DB183435FDDC21034FD9C8C10CF648A21787855417B5050580C424C4DA773676BD6A6FD8C30596D905E3C9E91E946B37EA5723FBA9DF481
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINNT_.#define _WINNT_..#ifdef __cplusplus.extern "C" {.#endif..#include <ctype.h>.#define ANYSIZE_ARRAY 1..//gr #include <specstrings.h>..#define RESTRICTED_POINTER..#ifndef __CRT_UNALIGNED.#define __CRT_UNALIGNED.#endif..#if defined(__ia64__) || defined(__x86_64).#define UNALIGNED __CRT_UNALIGNED.#ifdef _WIN64.#define UNALIGNED64 __CRT_UNALIGNED.#else.#define UNALIGNED64.#endif.#else.#define UNALIGNED.#define UNALIGNED64.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD64_) && (defined(_X86_) && !defined(__x86_64)).#define I_X86_.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD64_) && defined(__x86_64).#define _AMD64_.#endif..#if !defined(I_X86_) && !(defined(_X86_) && !defined(__x86_64)) && !defined(_AMD64_) && defined(__ia64__).#if
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):282
                                                                                                                                                                                                          Entropy (8bit):4.902277729484196
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cGtSy:UJJISFcShcFP+4BnWKiky
                                                                                                                                                                                                          MD5:584EBD620B89C671805EB5917278C46F
                                                                                                                                                                                                          SHA1:645DCA8A4775E323EED290EB1262A898E3BD8DF3
                                                                                                                                                                                                          SHA-256:81C951E1FB87AA8F6E8871A073277F1CD1CCB9B66F6EFA92AFF35BCD00A60726
                                                                                                                                                                                                          SHA-512:F80C37DF443967189B8B3E246E860E854A65283B9E7DBBFD87FE30E6E8285C785DF2D6F74AC9D7D59CDF655E543B830042A51574FEDCF5611714946DA2D1D542
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(pop).#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):285
                                                                                                                                                                                                          Entropy (8bit):4.939467489498393
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cG3uJuy:UJJISFcShcFP+4BnWKi3uV
                                                                                                                                                                                                          MD5:4FA6301A9105C4442FCD8181B17BF100
                                                                                                                                                                                                          SHA1:CD49157FA734AF5ECB57BDE0E7C57B9BC425CE98
                                                                                                                                                                                                          SHA-256:32FE7B5FF2387C916AD134EF5B5B0AC67447DA0E0DCCF405C31562AAC718D6D8
                                                                                                                                                                                                          SHA-512:EC6C5D061C788463D3E262E69ED74F5A21022007F4E3BC5DCDAA64ED641D0C4953A60A465E7972756E427E3B9AC71103AA36EF298F8E5D8FC946210152612599
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,8).#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):285
                                                                                                                                                                                                          Entropy (8bit):4.939467489498393
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cG3kJuy:UJJISFcShcFP+4BnWKi3suy
                                                                                                                                                                                                          MD5:5F9BA2A3122F6963219BDD95EFF0D63B
                                                                                                                                                                                                          SHA1:FC7EF1DBF2D51D9E38E79BC4D2DFE7F89107263E
                                                                                                                                                                                                          SHA-256:D459CBD546929FD44980D32C1680A8F176D717CE9DF162F5C5C443DFDCCC9E42
                                                                                                                                                                                                          SHA-512:4339E932DA337FC33CB8544FAD3065F82F689E17AE9CFD6A3035A0A1C62271ED0EFC44553A75C29207E97555E55FF8F76D42FBEF57B46B0E117B087A367A5D1F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,2).#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4165
                                                                                                                                                                                                          Entropy (8bit):5.37405161812663
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:lVeZAP1SQySDz25/rPjEgE+2VPYFjrQUnL:lVe01S9kNcH
                                                                                                                                                                                                          MD5:D65FFFB282C1F60CCBFC4DCF1410BE1F
                                                                                                                                                                                                          SHA1:2BE8BADB6C6FB0DB0B023BFBC7B6842E0AB73A8F
                                                                                                                                                                                                          SHA-256:7DB1B1FE46513F578A3C777C3CE300D8403D31FBFB6D00EACFF93286D2ED1293
                                                                                                                                                                                                          SHA-512:E7F9554980671DCB14C62FF462AE34961C01E0DD1AFA9F8E010370B0941E22BA619ABEA98DCE090762888A1E485586BAAA0917167FF6373C8309374EBCE8054F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef GUID_DEFINED.#define GUID_DEFINED.typedef struct _GUID {. unsigned long Data1;. unsigned short Data2;. unsigned short Data3;. unsigned char Data4[8 ];.} GUID;.#endif..#ifndef UUID_DEFINED.#define UUID_DEFINED.typedef GUID UUID;.#endif..#ifndef FAR.#define FAR.#endif..#ifndef DECLSPEC_SELECTANY.#define DECLSPEC_SELECTANY __declspec(selectany).#endif..#ifndef EXTERN_C.#ifdef __cplusplus.#define EXTERN_C extern "C".#else.#define EXTERN_C extern.#endif.#endif..#ifdef DEFINE_GUID.#undef DEFINE_GUID.#endif..#ifdef INITGUID.#ifdef __cplusplus.#define DEFINE_GUID(name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) EXTERN_C const GUID DECLSPEC_SELECTANY name = { l,w1,w2,{ b1,b2,b3,b4,b5,b6,b7,b8 } }.#else.#define DEFINE_GUID(name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) const GUID DECLSPEC_SELEC
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5381
                                                                                                                                                                                                          Entropy (8bit):5.237607493279814
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:EtGsCwPV1Ihot5C5snyv5vdQSZWVvc22c26T9Dd1s4S/BwS9BYwJw3+wIwV4mDVC:oC4V1Ihot5CFQjs4S/BwS9BmwJp9q1PK
                                                                                                                                                                                                          MD5:F0EF1B8EE3A22C3FA3CA4DD26012E309
                                                                                                                                                                                                          SHA1:4D78773275154677A5BB66D6393636CA2418EE69
                                                                                                                                                                                                          SHA-256:7D846678EC2A8C70F86308CF6BE585D760924C620DFCFB4B048F60D88577B69D
                                                                                                                                                                                                          SHA-512:7B230B6BE986E12C639DEE195198EE87FF1E9E0895FE3C101A3E8553D272986B9800C3C74B53A89128821D2D8D439A4968E48C29B2EDA43096E48F51B871B18C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef VER_H.#define VER_H..#ifdef __cplusplus.extern "C" {.#endif..#define VS_FILE_INFO RT_VERSION.#define VS_VERSION_INFO 1.#define VS_USER_DEFINED 100..#define VS_FFI_SIGNATURE 0xFEEF04BDL.#define VS_FFI_STRUCVERSION 0x00010000L.#define VS_FFI_FILEFLAGSMASK 0x0000003FL..#define VS_FF_DEBUG 0x00000001L.#define VS_FF_PRERELEASE 0x00000002L.#define VS_FF_PATCHED 0x00000004L.#define VS_FF_PRIVATEBUILD 0x00000008L.#define VS_FF_INFOINFERRED 0x00000010L.#define VS_FF_SPECIALBUILD 0x00000020L..#define VOS_UNKNOWN 0x00000000L.#define VOS_DOS 0x00010000L.#define VOS_OS216 0x00020000L.#define VOS_OS232 0x00030000L.#define VOS_NT 0x00040000L.#define VOS_WINCE 0x00050000L..#define VOS__BASE 0x00000000L.#define VOS__WINDOWS16 0x00000001L.#define VOS__PM16 0x00000002L.#define VOS__PM32
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):150512
                                                                                                                                                                                                          Entropy (8bit):5.042627381884036
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:fAOSurpB+BkRymeRfJOj/7AL1YxEilv+y2aUs/gtvyEmZ1m6tDLiSgF:RHu7LSqiQakytxtDa
                                                                                                                                                                                                          MD5:8A51F06DF0CB380EB7E944203BFEDE79
                                                                                                                                                                                                          SHA1:92B3F5D7EBBAA0F35F30F5FA68698D93A708B0B5
                                                                                                                                                                                                          SHA-256:590134000B1B5C4FB7AFBCC54A445A42228D74164A9E8B24434D1A993F76852E
                                                                                                                                                                                                          SHA-512:E50C7D2391C84B3F975F5E6E732691102595BBB857987AD0577B370C34D9C9C32DE3FEA64DC8DD45608320EB0E7455EE306CA50B1F19D4B209BFE1618EF9B22A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINERROR_.#define _WINERROR_..#define FACILITY_WINDOWSUPDATE 36.#define FACILITY_WINDOWS_CE 24.#define FACILITY_WINDOWS 8.#define FACILITY_URT 19.#define FACILITY_UMI 22.#define FACILITY_SXS 23.#define FACILITY_STORAGE 3.#define FACILITY_STATE_MANAGEMENT 34.#define FACILITY_SSPI 9.#define FACILITY_SCARD 16.#define FACILITY_SETUPAPI 15.#define FACILITY_SECURITY 9.#define FACILITY_RPC 1.#define FACILITY_WIN32 7.#define FACILITY_CONTROL 10.#define FACILITY_NULL 0.#define FACILITY_METADIRECTORY 35.#define FACILITY_MSMQ 14.#define FACILITY_MEDIASERVER 13.#define FACILITY_INTERNET 12.#define FACILITY_ITF 4.#define FACILITY_HTTP 25.#define FACILITY_DPLAY 21.#define FACILITY_DISPATCH 2.#define FACILITY_DIRECTORYSERVICE 37.#define FACILITY_CONFIGURATION 33.#define FACILITY_COM
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2173
                                                                                                                                                                                                          Entropy (8bit):5.14850892880743
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:GAjzWlnWj5A0iB/s1bUys7sbUo7QJQj7RLbY:VjIWVAVB/s1Iys7sIo7QSjlvY
                                                                                                                                                                                                          MD5:437B745F448BA343620FEF2015B72E78
                                                                                                                                                                                                          SHA1:6E95B00A515154FAEDB95606F9AA429AFE40807E
                                                                                                                                                                                                          SHA-256:3B0D80E4B27E099C8AF543D6D9CCA295C68E115A0FBA7CD79CC0E76D1C3A5C11
                                                                                                                                                                                                          SHA-512:43EE580B0D94F5556A6D4227B103C52678CEECE4566A7CE3A9A494E8F19BCF3B33A3E765E10D62C53CC54552532C3B0B2828241354C4C14DF13CC7F90D6ED8AE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINDOWS_.#define _WINDOWS_..#ifndef WIN32_LEAN_AND_MEAN.#define WIN32_LEAN_AND_MEAN 1.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#include <_mingw.h>..#ifndef _INC_WINDOWS.#define _INC_WINDOWS..#if defined(RC_INVOKED) && !defined(NOWINRES)..#include <winresrc.h>.#else..#ifdef RC_INVOKED.#define NOATOM.#define NOGDI.#define NOGDICAPMASKS.#define NOMETAFILE.#define NOMINMAX.#define NOMSG.#define NOOPENFILE.#define NORASTEROPS.#define NOSCROLL.#define NOSOUND.#define NOSYSMETRICS.#define NOTEXTMETRIC.#define NOWH.#define NOCOMM.#define NOKANJI.#define NOCRYPT.#define NOMCX.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD64_) && (defined(_X86_) && !defined(__x86_64)).#define I_X86_.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2413
                                                                                                                                                                                                          Entropy (8bit):5.267985342570529
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:G+qAaBjES2EZs96PiYkAahW4h+gt/04hOgldUOkke:TqAuEThH3Vy
                                                                                                                                                                                                          MD5:09DFC50C697476FDC240969717C514CE
                                                                                                                                                                                                          SHA1:C9D444C897A96A4B475379C7C6B826FDF2DFF2E5
                                                                                                                                                                                                          SHA-256:34842EE3389CB13A72A2B87EC930AADBFFCE8906EB31480180CFF541C7F44134
                                                                                                                                                                                                          SHA-512:DE3E258D4DF8E046A131110FADAC12572CA14A7359F1C44C41DEBC7E8F1424A93BEC6300E3CA21BEEB55FF4B3AB572F0B3059D9399C89CFF27D154DCC90238F7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !defined(_BASETYPS_H_).#define _BASETYPS_H_..#ifdef __cplusplus.#define EXTERN_C extern "C".#else.#define EXTERN_C extern.#endif..#define STDMETHODCALLTYPE WINAPI.#define STDMETHODVCALLTYPE __cdecl..#define STDAPICALLTYPE WINAPI.#define STDAPIVCALLTYPE __cdecl..#define STDAPI EXTERN_C HRESULT WINAPI.#define STDAPI_(type) EXTERN_C type WINAPI..#define STDMETHODIMP HRESULT WINAPI.#define STDMETHODIMP_(type) type WINAPI..#define STDAPIV EXTERN_C HRESULT STDAPIVCALLTYPE.#define STDAPIV_(type) EXTERN_C type STDAPIVCALLTYPE..#define STDMETHODIMPV HRESULT STDMETHODVCALLTYPE.#define STDMETHODIMPV_(type) type STDMETHODVCALLTYPE..#if defined(__cplusplus) && !defined(CINTERFACE)..#define __STRUCT__ struct.#define STDMETHOD(method) virtual HRESULT WINAPI method.#define STDMETHOD_(type
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):285
                                                                                                                                                                                                          Entropy (8bit):4.932449945638745
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cG3iV:UJJISFcShcFP+4BnWKi3iV
                                                                                                                                                                                                          MD5:9E2E16A461B193BAE9E69C59C9A3E040
                                                                                                                                                                                                          SHA1:17AAA9161D3F9D7270EDB80BC850B3AD1CD9151A
                                                                                                                                                                                                          SHA-256:CD3BA1258A5DD9C714879D3E499B021C85EE9827C06BAC2FC2C1E677B5909531
                                                                                                                                                                                                          SHA-512:37C580B406EB30FC66B0135D91D8DC743A9F2ABBF830A58272ECF910E4F4BDE10ED9A1CF07A8C0F24BFA2D8E86883AF76C5A7805FC70A2AE69F1A9D8225774DF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,4).#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):282
                                                                                                                                                                                                          Entropy (8bit):4.902277729484196
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cGtSy:UJJISFcShcFP+4BnWKiky
                                                                                                                                                                                                          MD5:584EBD620B89C671805EB5917278C46F
                                                                                                                                                                                                          SHA1:645DCA8A4775E323EED290EB1262A898E3BD8DF3
                                                                                                                                                                                                          SHA-256:81C951E1FB87AA8F6E8871A073277F1CD1CCB9B66F6EFA92AFF35BCD00A60726
                                                                                                                                                                                                          SHA-512:F80C37DF443967189B8B3E246E860E854A65283B9E7DBBFD87FE30E6E8285C785DF2D6F74AC9D7D59CDF655E543B830042A51574FEDCF5611714946DA2D1D542
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(pop).#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):285
                                                                                                                                                                                                          Entropy (8bit):4.939467489498393
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cG3O2:UJJISFcShcFP+4BnWKi3O2
                                                                                                                                                                                                          MD5:F7CE406B57AF97C8BA95EEB9D7840C1D
                                                                                                                                                                                                          SHA1:ED211A37E0EFCA13A0146F9FE775875D32DB3496
                                                                                                                                                                                                          SHA-256:8EB67DD233D5A387D6DC1814CB6EB6C6DE9A123438FAEFCA7B442691CAF23049
                                                                                                                                                                                                          SHA-512:B7EE10FBFE60F4F6E998D48D88C36095DFA70524B9E24A6E3BDD6C0A62FBFCD66725E28F227DA1469448C909D08DC57ADD7484D7FEECA35B2FF3A4F526756256
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,1).#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):285
                                                                                                                                                                                                          Entropy (8bit):4.939467489498393
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cG3kJuy:UJJISFcShcFP+4BnWKi3suy
                                                                                                                                                                                                          MD5:5F9BA2A3122F6963219BDD95EFF0D63B
                                                                                                                                                                                                          SHA1:FC7EF1DBF2D51D9E38E79BC4D2DFE7F89107263E
                                                                                                                                                                                                          SHA-256:D459CBD546929FD44980D32C1680A8F176D717CE9DF162F5C5C443DFDCCC9E42
                                                                                                                                                                                                          SHA-512:4339E932DA337FC33CB8544FAD3065F82F689E17AE9CFD6A3035A0A1C62271ED0EFC44553A75C29207E97555E55FF8F76D42FBEF57B46B0E117B087A367A5D1F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,2).#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):285
                                                                                                                                                                                                          Entropy (8bit):4.932449945638745
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cG3iV:UJJISFcShcFP+4BnWKi3iV
                                                                                                                                                                                                          MD5:9E2E16A461B193BAE9E69C59C9A3E040
                                                                                                                                                                                                          SHA1:17AAA9161D3F9D7270EDB80BC850B3AD1CD9151A
                                                                                                                                                                                                          SHA-256:CD3BA1258A5DD9C714879D3E499B021C85EE9827C06BAC2FC2C1E677B5909531
                                                                                                                                                                                                          SHA-512:37C580B406EB30FC66B0135D91D8DC743A9F2ABBF830A58272ECF910E4F4BDE10ED9A1CF07A8C0F24BFA2D8E86883AF76C5A7805FC70A2AE69F1A9D8225774DF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,4).#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):285
                                                                                                                                                                                                          Entropy (8bit):4.939467489498393
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:UJg2JESe3SFB+SqicFPoJZVC1r2DySEWVgs1cG3uJuy:UJJISFcShcFP+4BnWKi3uV
                                                                                                                                                                                                          MD5:4FA6301A9105C4442FCD8181B17BF100
                                                                                                                                                                                                          SHA1:CD49157FA734AF5ECB57BDE0E7C57B9BC425CE98
                                                                                                                                                                                                          SHA-256:32FE7B5FF2387C916AD134EF5B5B0AC67447DA0E0DCCF405C31562AAC718D6D8
                                                                                                                                                                                                          SHA-512:EC6C5D061C788463D3E262E69ED74F5A21022007F4E3BC5DCDAA64ED641D0C4953A60A465E7972756E427E3B9AC71103AA36EF298F8E5D8FC946210152612599
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#if !(defined(lint) || defined(RC_INVOKED)).#pragma pack(push,8).#endif.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):159607
                                                                                                                                                                                                          Entropy (8bit):5.448523174174419
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINBASE_.#define _WINBASE_..#define WINADVAPI DECLSPEC_IMPORT.#define WINBASEAPI DECLSPEC_IMPORT.#define ZAWPROXYAPI DECLSPEC_IMPORT..#ifdef __cplusplus.extern "C" {.#endif..#define DefineHandleTable(w) ((w),TRUE).#define LimitEmsPages(dw).#define SetSwapAreaSize(w) (w).#define LockSegment(w) GlobalFix((HANDLE)(w)).#define UnlockSegment(w) GlobalUnfix((HANDLE)(w)).#define GetCurrentTime() GetTickCount()..#define Yield()..#define INVALID_HANDLE_VALUE ((HANDLE)(LONG_PTR)-1).#define INVALID_FILE_SIZE ((DWORD)0xffffffff).#define INVALID_SET_FILE_POINTER ((DWORD)-1).#define INVALID_FILE_ATTRIBUTES ((DWORD)-1)..#define FILE_BEGIN 0.#define FILE_CURRENT 1.#define FILE_END 2..#define TIME_ZONE_ID_INVALID ((DWORD)0xffffffff)..#define WAIT_FAILED ((DWORD)0xffffffff).#define WAI
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):14473
                                                                                                                                                                                                          Entropy (8bit):5.318184429302839
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINCON_.#define _WINCON_..#ifdef __cplusplus.extern "C" {.#endif.. typedef struct _COORD {. SHORT X;. SHORT Y;. } COORD,*PCOORD;.. typedef struct _SMALL_RECT {. SHORT Left;. SHORT Top;. SHORT Right;. SHORT Bottom;. } SMALL_RECT,*PSMALL_RECT;.. typedef struct _KEY_EVENT_RECORD {. WINBOOL bKeyDown;. WORD wRepeatCount;. WORD wVirtualKeyCode;. WORD wVirtualScanCode;. union {. WCHAR UnicodeChar;. CHAR AsciiChar;. } uChar;. DWORD dwControlKeyState;. } KEY_EVENT_RECORD,*PKEY_EVENT_RECORD;..#define RIGHT_ALT_PRESSED 0x1.#define LEFT_ALT_PRESSED 0x2.#define RIGHT_CTRL_PRESSED 0x4.#define LEFT_CTRL_PRESSED 0x8.#define SHIFT_PRESSED 0x10.#define NUMLOCK_ON 0x20.#define SCROLLLOCK_ON 0x40.#define CAPSLOCK_ON 0x80.#define ENHA
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5674
                                                                                                                                                                                                          Entropy (8bit):5.253868357743171
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINDEF_.#define _WINDEF_..#ifndef STRICT.#define STRICT 1.#endif..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#ifndef BASETYPES.#define BASETYPES. typedef unsigned long ULONG;. typedef ULONG *PULONG;. typedef unsigned short USHORT;. typedef USHORT *PUSHORT;. typedef unsigned char UCHAR;. typedef UCHAR *PUCHAR;. typedef char *PSZ;.#endif..#define MAX_PATH 260..#ifndef NULL.#ifdef __cplusplus.#define NULL 0.#else.#define NULL ((void *)0).#endif.#endif..#ifndef FALSE.#define FALSE 0.#endif..#ifndef TRUE.#define TRUE 1.#endif..#ifndef IN.#define IN.#endif..#ifndef OUT.#define OUT.#endif..#ifndef OPTIONAL.#define OPTIONAL.#endif..#undef far.#undef near.#undef pascal..#define far.#define near.#define pascal __stdcall..#define
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2173
                                                                                                                                                                                                          Entropy (8bit):5.14850892880743
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINDOWS_.#define _WINDOWS_..#ifndef WIN32_LEAN_AND_MEAN.#define WIN32_LEAN_AND_MEAN 1.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#include <_mingw.h>..#ifndef _INC_WINDOWS.#define _INC_WINDOWS..#if defined(RC_INVOKED) && !defined(NOWINRES)..#include <winresrc.h>.#else..#ifdef RC_INVOKED.#define NOATOM.#define NOGDI.#define NOGDICAPMASKS.#define NOMETAFILE.#define NOMINMAX.#define NOMSG.#define NOOPENFILE.#define NORASTEROPS.#define NOSCROLL.#define NOSOUND.#define NOSYSMETRICS.#define NOTEXTMETRIC.#define NOWH.#define NOCOMM.#define NOKANJI.#define NOCRYPT.#define NOMCX.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD64_) && (defined(_X86_) && !defined(__x86_64)).#define I_X86_.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):150512
                                                                                                                                                                                                          Entropy (8bit):5.042627381884036
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINERROR_.#define _WINERROR_..#define FACILITY_WINDOWSUPDATE 36.#define FACILITY_WINDOWS_CE 24.#define FACILITY_WINDOWS 8.#define FACILITY_URT 19.#define FACILITY_UMI 22.#define FACILITY_SXS 23.#define FACILITY_STORAGE 3.#define FACILITY_STATE_MANAGEMENT 34.#define FACILITY_SSPI 9.#define FACILITY_SCARD 16.#define FACILITY_SETUPAPI 15.#define FACILITY_SECURITY 9.#define FACILITY_RPC 1.#define FACILITY_WIN32 7.#define FACILITY_CONTROL 10.#define FACILITY_NULL 0.#define FACILITY_METADIRECTORY 35.#define FACILITY_MSMQ 14.#define FACILITY_MEDIASERVER 13.#define FACILITY_INTERNET 12.#define FACILITY_ITF 4.#define FACILITY_HTTP 25.#define FACILITY_DPLAY 21.#define FACILITY_DISPATCH 2.#define FACILITY_DIRECTORYSERVICE 37.#define FACILITY_CONFIGURATION 33.#define FACILITY_COM
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):121301
                                                                                                                                                                                                          Entropy (8bit):5.419416589760816
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINGDI_.#define _WINGDI_..#define WINGDIAPI DECLSPEC_IMPORT.#define WINSPOOLAPI DECLSPEC_IMPORT..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#ifndef NOGDI.#ifndef NORASTEROPS.#define R2_BLACK 1.#define R2_NOTMERGEPEN 2.#define R2_MASKNOTPEN 3.#define R2_NOTCOPYPEN 4.#define R2_MASKPENNOT 5.#define R2_NOT 6.#define R2_XORPEN 7.#define R2_NOTMASKPEN 8.#define R2_MASKPEN 9.#define R2_NOTXORPEN 10.#define R2_NOP 11.#define R2_MERGENOTPEN 12.#define R2_COPYPEN 13.#define R2_MERGEPENNOT 14.#define R2_MERGEPEN 15.#define R2_WHITE 16.#define R2_LAST 16..#define SRCCOPY (DWORD)0x00CC0020.#define SRCPAINT (DWORD)0x00EE0086.#define SRCAND (DWORD)0x008800C6.#define SRCINVERT (DWORD)0x00660046.#define SRCERASE (DWORD)0x00440328.#define NOTS
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):193650
                                                                                                                                                                                                          Entropy (8bit):5.442692211038205
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINNT_.#define _WINNT_..#ifdef __cplusplus.extern "C" {.#endif..#include <ctype.h>.#define ANYSIZE_ARRAY 1..//gr #include <specstrings.h>..#define RESTRICTED_POINTER..#ifndef __CRT_UNALIGNED.#define __CRT_UNALIGNED.#endif..#if defined(__ia64__) || defined(__x86_64).#define UNALIGNED __CRT_UNALIGNED.#ifdef _WIN64.#define UNALIGNED64 __CRT_UNALIGNED.#else.#define UNALIGNED64.#endif.#else.#define UNALIGNED.#define UNALIGNED64.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD64_) && (defined(_X86_) && !defined(__x86_64)).#define I_X86_.#endif..#if !defined(I_X86_) && !defined(_IA64_) && !defined(_AMD64_) && defined(__x86_64).#define _AMD64_.#endif..#if !defined(I_X86_) && !(defined(_X86_) && !defined(__x86_64)) && !defined(_AMD64_) && defined(__ia64__).#if
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with very long lines (302)
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13963
                                                                                                                                                                                                          Entropy (8bit):5.433606364599901
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINREG_.#define _WINREG_..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#define RRF_RT_REG_NONE 0x00000001.#define RRF_RT_REG_SZ 0x00000002.#define RRF_RT_REG_EXPAND_SZ 0x00000004.#define RRF_RT_REG_BINARY 0x00000008.#define RRF_RT_REG_DWORD 0x00000010.#define RRF_RT_REG_MULTI_SZ 0x00000020.#define RRF_RT_REG_QWORD 0x00000040..#define RRF_RT_DWORD (RRF_RT_REG_BINARY | RRF_RT_REG_DWORD).#define RRF_RT_QWORD (RRF_RT_REG_BINARY | RRF_RT_REG_QWORD).#define RRF_RT_ANY 0x0000ffff..#define RRF_NOEXPAND 0x10000000.#define RRF_ZEROONFAILURE 0x20000000.. typedef ACCESS_MASK REGSAM;..#define HKEY_CLASSES_ROOT ((HKEY) (ULONG_PTR)((LONG)0x80000000)).#define HKEY_CURRENT_USER ((HKEY) (ULONG_PTR)((LONG)0x80000001)).#define HKEY_LOCAL_MACHINE (
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):179678
                                                                                                                                                                                                          Entropy (8bit):5.448601521160739
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:jgie2EUSlwrMbtENbSJGDN4tSUez2pUQkR:jgie7wrMSSJGDfUe++
                                                                                                                                                                                                          MD5:3243B7C1189CC2C02075C2B175592EA9
                                                                                                                                                                                                          SHA1:B520F45E195A50AB00ACC161EFEC7E6620E652AF
                                                                                                                                                                                                          SHA-256:4356BFCDF5209C4EC58DE486E2173CE4B17E0CE75A422B226FDDDD18597C9905
                                                                                                                                                                                                          SHA-512:CDAA9D91F80127028DC877924D2E41B4EF55714485536C4B64955195C94E8EBFBECF9A0D7545DF535CBF4C1977CA53C14379B96ABCEBF7AEC461BCBB87EF040E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef _WINUSER_.#define _WINUSER_..#define WINUSERAPI DECLSPEC_IMPORT..#ifdef __cplusplus.extern "C" {.#endif..#ifndef WINVER.#define WINVER 0x0502.#endif..#include <stdarg.h>..#ifndef NOUSER. typedef HANDLE HDWP;. typedef VOID MENUTEMPLATEA;. typedef VOID MENUTEMPLATEW;. typedef PVOID LPMENUTEMPLATEA;. typedef PVOID LPMENUTEMPLATEW;..#ifdef UNICODE. typedef MENUTEMPLATEW MENUTEMPLATE;. typedef LPMENUTEMPLATEW LPMENUTEMPLATE;.#else. typedef MENUTEMPLATEA MENUTEMPLATE;. typedef LPMENUTEMPLATEA LPMENUTEMPLATE;.#endif.. typedef LRESULT (CALLBACK *WNDPROC)(HWND,UINT,WPARAM,LPARAM);. typedef INT_PTR (CALLBACK *DLGPROC)(HWND,UINT,WPARAM,LPARAM);. typedef VOID (CALLBACK *TIMERPROC)(HWND,UINT,UINT_PTR,DWORD);. typedef WINBOOL (CALLBACK *GRAYSTRINGPROC)(HDC,LPARAM,int);.
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5381
                                                                                                                                                                                                          Entropy (8bit):5.237607493279814
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:EtGsCwPV1Ihot5C5snyv5vdQSZWVvc22c26T9Dd1s4S/BwS9BYwJw3+wIwV4mDVC:oC4V1Ihot5CFQjs4S/BwS9BmwJp9q1PK
                                                                                                                                                                                                          MD5:F0EF1B8EE3A22C3FA3CA4DD26012E309
                                                                                                                                                                                                          SHA1:4D78773275154677A5BB66D6393636CA2418EE69
                                                                                                                                                                                                          SHA-256:7D846678EC2A8C70F86308CF6BE585D760924C620DFCFB4B048F60D88577B69D
                                                                                                                                                                                                          SHA-512:7B230B6BE986E12C639DEE195198EE87FF1E9E0895FE3C101A3E8553D272986B9800C3C74B53A89128821D2D8D439A4968E48C29B2EDA43096E48F51B871B18C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/**. * This file has no copyright assigned and is placed in the Public Domain.. * This file is part of the w64 mingw-runtime package.. * No warranty is given; refer to the file DISCLAIMER within this package.. */.#ifndef VER_H.#define VER_H..#ifdef __cplusplus.extern "C" {.#endif..#define VS_FILE_INFO RT_VERSION.#define VS_VERSION_INFO 1.#define VS_USER_DEFINED 100..#define VS_FFI_SIGNATURE 0xFEEF04BDL.#define VS_FFI_STRUCVERSION 0x00010000L.#define VS_FFI_FILEFLAGSMASK 0x0000003FL..#define VS_FF_DEBUG 0x00000001L.#define VS_FF_PRERELEASE 0x00000002L.#define VS_FF_PATCHED 0x00000004L.#define VS_FF_PRIVATEBUILD 0x00000008L.#define VS_FF_INFOINFERRED 0x00000010L.#define VS_FF_SPECIALBUILD 0x00000020L..#define VOS_UNKNOWN 0x00000000L.#define VOS_DOS 0x00010000L.#define VOS_OS216 0x00020000L.#define VOS_OS232 0x00030000L.#define VOS_NT 0x00040000L.#define VOS_WINCE 0x00050000L..#define VOS__BASE 0x00000000L.#define VOS__WINDOWS16 0x00000001L.#define VOS__PM16 0x00000002L.#define VOS__PM32
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):308120
                                                                                                                                                                                                          Entropy (8bit):6.921402988579037
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:3QMsoykzuYV4SPaa/Gr+RBmRQ5wipE04CIcFw6eAwE5Sm1Q5jsV+XkO4qOT:3NJyTuxkC57IZEzGmT
                                                                                                                                                                                                          MD5:462322CC93E55016D5EA78B2B9823657
                                                                                                                                                                                                          SHA1:3E8E00B690A4370D6F2DFDCF730F2D3FDA4806A6
                                                                                                                                                                                                          SHA-256:AEDC048FCFEC594E7307E4730D850E5E0121820A76CA1A363F4A2E41D084F393
                                                                                                                                                                                                          SHA-512:A46E56130A8D1CA588D9935D98468543328B42492F1257157D2C7FD99AC341E8A22337AC2228AECF33A70913A7E7161B300BB458E1C07D5D0B94A7AA1DD72D79
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):46468
                                                                                                                                                                                                          Entropy (8bit):7.994038510231404
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:768:knKJWrjSpYCoxMO0HqzZuCxbSbONOirgFENxbWUYfQsQB/ju9x0QhS5d7uuNMRgH:knKJorQO0KcFigi841WUYfQhju9x0OcF
                                                                                                                                                                                                          MD5:715D61B9BCC484E271775F36865A4CDE
                                                                                                                                                                                                          SHA1:8AE158AEF6F6005AA3D6E6F8A09A05FD95551784
                                                                                                                                                                                                          SHA-256:C4B5797588C80520745732B96D7C6681F8420BDF55E426C40B852E56E5630124
                                                                                                                                                                                                          SHA-512:5C8E462FA504AC91D928617C74E287B598CE326A323C8A05533D4245D018A4A4CC354D05A0568785E7642D8CF779805950D70FE167C456B2D15F8901D714C037
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):386976
                                                                                                                                                                                                          Entropy (8bit):6.870406853054738
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:e59aKWK/HqY5AXeWEfv6TBr4udWNrrJ710vFTAmJxQIfaCU/MC3O74r/wuMGFYsN:G9WsHse9fvcBrnd8rrR10WUxkCxC3O7S
                                                                                                                                                                                                          MD5:81633981057858F56BECB3BD316283E9
                                                                                                                                                                                                          SHA1:F6981034B1A5E23766BA4D40D451D784A1CFF83E
                                                                                                                                                                                                          SHA-256:4885754E6AC08304858383E47D3ADA425409988871BA6586151143D511488614
                                                                                                                                                                                                          SHA-512:99886CB451EAE690657AC848B63D58CD8B436849F6D073C5C073B624A6956397AC5AB6B636B1970C60DCE4EB5B3512372A4EC79FC28E9397AFE7D0791466D0A3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3208608
                                                                                                                                                                                                          Entropy (8bit):6.4378051911330445
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:itwSHCeicAlYJhPx7Ur4+Kn8KTqeUrncXbvTCeVxkg8vL5V2zRkit6bch6WuDgR1:itwAf64swnNmnfsR3ccJkKSib
                                                                                                                                                                                                          MD5:0D4BDC37F5031A827B2877770974FE49
                                                                                                                                                                                                          SHA1:7D7D63F1CC49FB94D2FD59AF8A0BA89966CE0E07
                                                                                                                                                                                                          SHA-256:F3C536EC5307D71260FA5D6D70AC56A20A00DBC3FB785E0DEB4EF0F7DC66FC2E
                                                                                                                                                                                                          SHA-512:D1FAF9BCF6BBF6E458780F4D913BA600A5F987FF33BE8D24A1165F5BFA925B2D1DFFDAA6E666712D09D58478174BC2956877A4A60376F7773D1E818BB38A23E1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1491
                                                                                                                                                                                                          Entropy (8bit):5.150461183336365
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:c3UnepmoqbOOrYFlrJYrYFIzLQ9Zonc432smXOkuEWRO632s3yOtTf1p13to+Zqh:xOOrYj2rYCzeqnc432sem32s3xtD13tQ
                                                                                                                                                                                                          MD5:1EE5923E90E9DB03EF80F6DA5C14FB7B
                                                                                                                                                                                                          SHA1:BCB456DB885C932605F4DCFFABBF771BC7CB5C41
                                                                                                                                                                                                          SHA-256:1A971954CD09C202E73E625329EE4DDF7291C7C0E155A1086DA7FAAC1957C94B
                                                                                                                                                                                                          SHA-512:8A008D4FAEE52F76A6C9024DE88963261730FA12EB54B0BE5FB80F8CC02CF7FEC0EFC126A209A646BE17D91B78FFC2E54BAAB7E346474BCFFFD92D3C942E959F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Copyright 2018 Alex Ionescu. All rights reserved.....Redistribution and use in source and binary forms, with or without modification, are permitted provided..that the following conditions are met:..1. Redistributions of source code must retain the above copyright notice, this list of conditions and.. the following disclaimer...2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions.. and the following disclaimer in the documentation and/or other materials provided with the.. distribution.....THIS SOFTWARE IS PROVIDED BY ALEX IONESCU ``AS IS'' AND ANY EXPRESS OR IMPLIED..WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND..FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ALEX IONESCU..OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR..CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS..OR SERVICES; LOSS OF USE,
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:DOS/MBR boot sector
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):477184
                                                                                                                                                                                                          Entropy (8bit):5.927630308859684
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:JEgIgQUO3gqHm5DHLj7S0/Y9kwRofaqcEL5jw/ayKImdyoO:Gg/hEm5DrHE9kwRofaqcEL5jw/ayKImD
                                                                                                                                                                                                          MD5:036B059F8C1CC9AFF3D010E5446BB16C
                                                                                                                                                                                                          SHA1:450842B84E2FACE167E2D138E4F96317CB255BB3
                                                                                                                                                                                                          SHA-256:248F3D48664482090D2C8C01B98518777DED1D900E17ACBC077EFE17258411A6
                                                                                                                                                                                                          SHA-512:4BA5E167A2E3BFE92D43759642AF7BCDB6F4C9EFA30C0F9DE85D6E9758B62FC7ED89FAFDE48910E4E059080E457E3556D23CB1D59B3062C75F81DB9C59B75657
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.$.CETC2#...............>.A..............f..p....$p1...f...pf...pf...pf.6.pf.>.pf...pf.&.p.."p...&p..(p..*p.X.,p....0p. .f..}......0.......|1....?........}..............`.............6.|...?@..|.......& |.!....Q....."|.6$|...|....s......|..........u........1.."|..."|S...J.[:..|r....."|..$|..$|:..|u...$|....$|YI...Qu.Y.....|f...|......f}....0...P.P.&f}..g}...e..e.E...X..g}...f}...<.t...e..e.E.....F....f}.....Q....f.Y...`1.....t.=..t.=..t....X...@.f1........1..f.......@s.a..DBVM BS.......U......PR>..".>..#..........R........Z.&..&.D......Ps.........r...>..".>..#.ZX.....F.<$u..PRZX.PSQW....N..$N9.r.1......0..N...u..A9.r... N...._Y[X.PSQW....N..$N9.r,1.......w...0.......a..N...u..A9.r... N...._Y[X.88=$e801:$e820:..$ax=$bx=$cx=$dx=$SMAP ERROR!..$..................$................................get VESA info success..$get VESA info failed..$ Failurevideomode 0x$..1...H..&......6........&;.........t........retry reading disk..........f1.f1........]>..?.>
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:MS Windows HtmlHelp Data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):306758
                                                                                                                                                                                                          Entropy (8bit):7.936079952495831
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:/UuFqUYSsTDiKebI7F03RPf2rB84daXcXrcURJo8tGgqQdB5+cbsQe/zQXE9LA2:tFhYSsnl0I7FG8S4daC/RGg1bnerQILf
                                                                                                                                                                                                          MD5:BB80FEC3B6E843B61859914480706CD9
                                                                                                                                                                                                          SHA1:0CED874BEE5BDA6059B5195911AA117693D9D2DE
                                                                                                                                                                                                          SHA-256:2D52F9D59211F8906ACE16525721B1400343BDF720F062CF111D84089F129009
                                                                                                                                                                                                          SHA-512:78D8A024DABD111B59BEEA4DC21150C7FBB3A6924201D2F3FF9E720E4BBC967BBFF285BA2064BC35C260FFDE433C639FDC0252C47AE29B43398117EDA21CF648
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:ITSF....`........2.........|.{.......".....|.{......."..`...............x.......T0.......0..............F...............ITSP....T...........................................j..].!......."..T...............PMGLS................/..../#IDXHDR..t.../#ITBITS..../#IVB...B.,./#STRINGS...O.r./#SYSTEM..v.6./#TOPICS...t.../#URLSTR...t.[./#URLTBL...t.../#WINDOWS...2.../$FIftiMain...<..8./$OBJINST...}.?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property...y../$WWKeywordLinks/..../$WWKeywordLinks/BTree..z.L./$WWKeywordLinks/Data...F.../$WWKeywordLinks/Map...G../$WWKeywordLinks/Property...Y ./0-ptaddresslist.html...8.S./1-ptmemoryview.html......./2-ptondebugevent.html...".../3-ptprocesswatcherevent.html...;.i$/3Dpinballforwindowspointercode.html.....s /4-ptfunctionpointerschange.html...$.2./5-ptmainmenu.html...V.]./aa_addextracommand.html...v.../aa_removeextracommand.html......./About.html...q."./Aboutb1.JPG...*.i./AboutCheatEngine.html.....U./Aboutthedebugger.html.....V./address.html...9.../Ad
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):271256
                                                                                                                                                                                                          Entropy (8bit):6.040002515360521
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:XcxPVJy83/NkY56owwouBQGsyTfkaiX6P0a:XkPV483FB56wsyTfkOJ
                                                                                                                                                                                                          MD5:F9C562B838A3C0620FB6EE46B20B554C
                                                                                                                                                                                                          SHA1:5095F54BE57622730698B5C92C61B124DFB3B944
                                                                                                                                                                                                          SHA-256:E08B035D0A894D8BEA64E67B1ED0BCE27567D417EAAA133E8B231F8A939E581D
                                                                                                                                                                                                          SHA-512:A20BC9A442C698C264FEF82AA743D9F3873227D7D55CB908E282FA1F5DCFF6B40C5B9CA7802576EF2F5A753FD1C534E9BE69464B29AF8EFEC8B019814B875296
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):149912
                                                                                                                                                                                                          Entropy (8bit):6.586184520889439
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:/20T06lYodB6ZcnHgSFulvfV0tYP/ipaQ8PFRBIiOBNOW:1Y6bdB6uHgSwtfV0+P/is1BIpD
                                                                                                                                                                                                          MD5:0EAAC872AADC457C87EE995BBF45A9C1
                                                                                                                                                                                                          SHA1:5E9E9B98F40424AD5397FC73C13B882D75499D27
                                                                                                                                                                                                          SHA-256:6F505CC5973687BBDA1C2D9AC8A635D333F57C12067C54DA7453D9448AB40B8F
                                                                                                                                                                                                          SHA-512:164D1E6EF537D44AC4C0FD90D3C708843A74AC2E08FA2B3F0FDD4A180401210847E0F7BB8EC3056F5DC1D5A54D3239C59FB37914CE7742A4C0EB81578657D24B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):541592
                                                                                                                                                                                                          Entropy (8bit):6.56379573889746
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:FshVOadaiL9mUHQMpgL8LgpqClZNKX6SumisBEb/NUidzSky3uDMK/LXTMBQqN5T:hOL9J2L8E5VKKSuLGEhXGstCXoYkc7BV
                                                                                                                                                                                                          MD5:B7C9F1E7E640F1A034BE84AF86970D45
                                                                                                                                                                                                          SHA1:F795DC3D781B9578A96C92658B9F95806FC9BDDE
                                                                                                                                                                                                          SHA-256:6D0A06B90213F082CB98950890518C0F08B9FC16DBFAB34D400267CB6CDADEFF
                                                                                                                                                                                                          SHA-512:DA63992B68F1112C0D6B33E6004F38E85B3C3E251E0D5457CD63804A49C5AA05AA23249E0614DACAD4FEC28CA6EFDB5DDEE06DA5BFBFA07E21942976201079F3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2086
                                                                                                                                                                                                          Entropy (8bit):4.748005607182281
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:HZooJUJAimKakohOgM4TDB6liofD0x6g8W:HioemKakaOgM4J6l5C6g8W
                                                                                                                                                                                                          MD5:650C02FC9F949D14D62E32DD7A894F5E
                                                                                                                                                                                                          SHA1:FA5399B01AADD9F1A4A5632F8632711C186EC0DE
                                                                                                                                                                                                          SHA-256:C4D23DB8EFFB359B4AA4D1E1E480486FE3A4586CE8243397A94250627BA4F8CC
                                                                                                                                                                                                          SHA-512:F2CAAF604C271283FC7AF3AA9674B9D647C4AC53DFFCA031DBF1220D3ED2E867943F5409A95F41C61D716879BED7C888735F43A068F1CC1452B4196D611CB76D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview://credits: ms d3d tutorials which I hacked apart....Texture2D txDiffuse : register( t0 );..SamplerState samLinear : register( s0 );....cbuffer ConstantBuffer : register( b0 )..{....float4x4 rotation;.. float2 originpoint;...float2 translation;...float2 scaling;...float transparency;....float garbage;...}..........//--------------------------------------------------------------------------------------..struct VS_INPUT..{.. float4 Pos : POSITION;.. float2 Tex : TEXCOORD0;..};....struct PS_INPUT..{.. float4 Pos : SV_POSITION;.. float2 Tex : TEXCOORD0;..};......//--------------------------------------------------------------------------------------..// Vertex Shader..//--------------------------------------------------------------------------------------..PS_INPUT VS( VS_INPUT input )..{.... PS_INPUT r=input;.. float4 rp;........ r.Pos[0]-=originpoint[0];.. r.Pos[1]+=originpoint[1];.. r.Pos=mul(r.Pos, rotation);.... r.Pos[0]+=originpoint[0];.. r.Pos[
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12807608
                                                                                                                                                                                                          Entropy (8bit):6.604078603198481
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:393216:ueBcnBaXXA3MnU+239JmqUKSw6knnbWUuMu25s8U:uis/c2GF
                                                                                                                                                                                                          MD5:5BE6A65F186CF219FA25BDD261616300
                                                                                                                                                                                                          SHA1:B5D5AE2477653ABD03B56D1C536C9A2A5C5F7487
                                                                                                                                                                                                          SHA-256:274E91A91A7A520F76C8E854DC42F96484AF2D69277312D861071BDE5A91991C
                                                                                                                                                                                                          SHA-512:69634D85F66127999EA4914A93B3B7C90BC8C8FAB1B458CFA6F21AB0216D1DACC50976354F7F010BB31C5873CC2D2C30B4A715397FB0E9E01A5233C2521E7716
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):464280
                                                                                                                                                                                                          Entropy (8bit):6.881353710429075
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:dBj8paX8fQ/T/md4OASZAOLRwRai6wXGn+hfy:dxLrLmd4OA4L8DXGnmy
                                                                                                                                                                                                          MD5:AD3F33BAC8EADAB224ADAF4CF6D5B97A
                                                                                                                                                                                                          SHA1:6CCFB97236C5AD3B48A3EB7A113E3E297422E808
                                                                                                                                                                                                          SHA-256:58B206AB9A3D84FDAFB537B419F721ECDEADE489707DBAB227B043D5343DB369
                                                                                                                                                                                                          SHA-512:C319A1C3D0D90AFEFD27DC0379C79E38993490FFA14CB281F419BC94FDE5776CD7EAB54351C57F6EAEEBCACF7F965FA0B8A8DD67489E799FCD84D39393C62A3E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):144280
                                                                                                                                                                                                          Entropy (8bit):6.553148474736184
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:Kd3u82FbW5v1B9omLKfBbYWFhFCsfa5z8saPFZ1sL3OD1Ow:Kd+NFbWUMKfBTjFxfa5a1y4N
                                                                                                                                                                                                          MD5:0DAF9F07847CCEB0F0760BF5D770B8C1
                                                                                                                                                                                                          SHA1:992CC461F67ACEA58A866A78B6EEFB0CBCC3AAA1
                                                                                                                                                                                                          SHA-256:A2AC2BA27B0ED9ACC3F0EA1BEF9909A59169BC2EB16C979EF8E736A784BF2FA4
                                                                                                                                                                                                          SHA-512:B4DDA28721DE88A372AF39D4DFBA6E612CE06CC443D6A6D636334865A9F8CA555591FB36D9829B54BC0FB27F486D4F216D50F68E1C2DF067439FE8EBBF203B6A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):242616
                                                                                                                                                                                                          Entropy (8bit):6.432754517349666
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:Bj9mOBuELLZXBJPCR6ygny56rs+iO2AwCNCtALb44TPk3Ap1rleY/DptNH/P0uHV:fn7LhBJ9W56A+iOlfN/LbZnbptN0uZH
                                                                                                                                                                                                          MD5:9AF96706762298CF72DF2A74213494C9
                                                                                                                                                                                                          SHA1:4B5FD2F168380919524ECCE77AA1BE330FDEF57A
                                                                                                                                                                                                          SHA-256:65FA2CCB3AC5400DD92DDA5F640445A6E195DA7C827107260F67624D3EB95E7D
                                                                                                                                                                                                          SHA-512:29A0619093C4C0ECF602C861EC819EF16550C0607DF93067EAEF4259A84FD7D40EB88CD5548C0B3B265F3CE5237B585F508FDD543FA281737BE17C0551163BD4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):336600
                                                                                                                                                                                                          Entropy (8bit):6.344264969706984
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:6LYEDJlXw5pAnHp2ukwTX6N8B4A84zMtEl1knxgaPZ3nbanlYZn2l1S2CAYOpIOs:6LYEDJAAnHp2uk2KNO0tEQV+b3n6
                                                                                                                                                                                                          MD5:19D52868C3E0B609DBEB68EF81F381A9
                                                                                                                                                                                                          SHA1:CE365BD4CF627A3849D7277BAFBF2F5F56F496DC
                                                                                                                                                                                                          SHA-256:B96469B310BA59D1DB320A337B3A8104DB232A4344A47A8E5AE72F16CC7B1FF4
                                                                                                                                                                                                          SHA-512:5FBD53D761695DE1DD6F0AFD0964B33863764C89692345CAB013C0B1B6332C24DCF766028F305CC87D864D17229D7A52BF19A299CA136A799053C368F21C8926
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):135064
                                                                                                                                                                                                          Entropy (8bit):6.612681349758152
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:ZGrrgbU27p/nFdpF/vwFLUjh2v5VjObfSVMPFtE8PdYO3kOc:crk3ZFdpRYUjh2verh6
                                                                                                                                                                                                          MD5:2AF7AFE35AB4825E58F43434F5AE9A0F
                                                                                                                                                                                                          SHA1:B67C51CAD09B236AE859A77D0807669283D6342F
                                                                                                                                                                                                          SHA-256:7D82694094C1BBC586E554FA87A4B1ED6EBC9EB14902FD429824DCD501339722
                                                                                                                                                                                                          SHA-512:23B7C6DB0CB9C918AD9F28FA0E4E683C7E2495E89A136B75B7E1BE6380591DA61B6FB4F7248191F28FD3D80C4A391744A96434B4AB96B9531B5EBB0EC970B9D0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):309664
                                                                                                                                                                                                          Entropy (8bit):5.8237432164000404
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:TDwf7I4zq0ZDVQ5uIqp5rkenPajp80Gc5:T0f7Bz/G5uImQaPajp3
                                                                                                                                                                                                          MD5:59089C96334966EDFFC70BF4AE829910
                                                                                                                                                                                                          SHA1:8DC37D6F2364749D52DB1BCB9AD9FE30FB93930D
                                                                                                                                                                                                          SHA-256:49A55638C5A0F8112B89C45A24A2BCD102FF5DE2D22386649D7F6FFD283AF1FD
                                                                                                                                                                                                          SHA-512:3EDD411905298FDE78DF57B063B4B2000FA2D16F0E1A14E8940D4FBC2226C1CBA6925C47D3BECC10E76BBA9C5864CF671F5EF3B29CFA430823D0FA9BF9BBC3A9
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):456096
                                                                                                                                                                                                          Entropy (8bit):6.635086574093954
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:tTaB+hAvavjZihpuXh9js6zMxfdKCXbRRUsQHoh3+KZ+a3cnldkEBX/zrMMZKUjo:haBtvavY6XhNrzSk2gxQ3Wn7kw3o
                                                                                                                                                                                                          MD5:AA97F366592E0FA41D2D2F61765CA7D5
                                                                                                                                                                                                          SHA1:BE85DAF3B07E66225CD4167F96ED6292CCE54E1E
                                                                                                                                                                                                          SHA-256:D63036771F21AE7E056F2211CB560BFCF79ADE356B59D8F462050B2DD840E86C
                                                                                                                                                                                                          SHA-512:F16D3F899504EF556D186BEBE1A526D9999454AB60697CDE221130720AB8154003543A62C4E53124C902E51FCF62B653C914B316DA0E3766DF5026E386DD47CC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3223968
                                                                                                                                                                                                          Entropy (8bit):6.338087367720092
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:vdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjT333TYfx:0HDYsqiPRhINnq95FoHVBT333T+
                                                                                                                                                                                                          MD5:9AA2ACD4C96F8BA03BB6C3EA806D806F
                                                                                                                                                                                                          SHA1:9752F38CC51314BFD6D9ACB9FB773E90F8EA0E15
                                                                                                                                                                                                          SHA-256:1B81562FDAEAA1BC22CBAA15C92BAB90A12080519916CFA30C843796021153BB
                                                                                                                                                                                                          SHA-512:B0A00082C1E37EFBFC2058887DB60DABF6E9606713045F53DB450F16EBAE0296ABFD73A025FFA6A8F2DCB730C69DD407F7889037182CE46C68367F54F4B1DC8D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):479536
                                                                                                                                                                                                          Entropy (8bit):5.994666279988566
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:Tch6UtcJYg8yRAkB+vsoqOvfkv+y3ilZkaCeMG:e6Utc6gdcfkv+KIR
                                                                                                                                                                                                          MD5:DAA81711AD1F1B1F8D96DC926D502484
                                                                                                                                                                                                          SHA1:7130B241E23BEDE2B1F812D95FDB4ED5EECADBFD
                                                                                                                                                                                                          SHA-256:8422BE70E0EC59C962B35ACF8AD80671BCC8330C9256E6E1EC5C07691388CD66
                                                                                                                                                                                                          SHA-512:9EAA8E04AD7359A30D5E2F9256F94C1643D4C3F3C0DFF24D6CD9E31A6F88CB3B470DD98F01F8B0F57BB947ADC3D45C35749ED4877C7CBBBCC181145F0C361065
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................& ...G.......XJ..P................................................................................................`.......P..P...............t1.......g...p..(...................................................`S...............................text.............................. ..`.data...............................@....rdata..............................@..@.pdata..t1.......2..................@..@.bss....XJ...............................CRT.........@......................@....idata.......P......................@....edata.......`......................@..@.reloc..(....p......................@..B/4..................................@..B/16.................................@..B/30.................................@..B/42.....@...........................@..B........................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):99199
                                                                                                                                                                                                          Entropy (8bit):7.9924368254113025
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:1536:CGNxLS1cRzW1Dx15WXGNp7u4A3AP6ovMlJEyWYykDQdTkQRWMJv2kXWMFopxLZq5:QcFW1DdDrTP6o0jEyERskXepHqz9
                                                                                                                                                                                                          MD5:EC8679FCB11314E333F6518113F1D71E
                                                                                                                                                                                                          SHA1:F6642D2551238733324141810B12C964FFE3B518
                                                                                                                                                                                                          SHA-256:45CFE56AE9CBB58FC51700425A19771C87029F63CB1A96CB258AEBE6AEE9D37A
                                                                                                                                                                                                          SHA-512:71EF7CBACD90317D32B0E4E81F64B6A4BABF644A1391396E9FF6C000C902660CFE87E5A86DF456EF5FB2DE0E6688BBF0778AB917D98BC86FB81AEA658672B4DB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3403192
                                                                                                                                                                                                          Entropy (8bit):6.035185815441339
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:ar2V9BrWblVbqS1+Cxz0MB95D//ocnaMo6WuDgRPZO/Y12y6Pu:aqV9BqzbqSR009StqG
                                                                                                                                                                                                          MD5:1C1630B241D5A6BE07BFBA2B3EA97A25
                                                                                                                                                                                                          SHA1:7203255D1A6021874D41A48FCD5719FD7034F34C
                                                                                                                                                                                                          SHA-256:526CDDD0D843F5984AC6CB98D28F22B090682C3A8704122B644EC8AE2C9A10E5
                                                                                                                                                                                                          SHA-512:BDDEDB575FEBF8C8103CFBB1981FD1D5F20D2E0F1D6F4252A98930D587420A69750DDC1BE46932CDF979B8633054321F462557D88349459E111BE43139BEFF4A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........3......./..... z..tN...j..0,.......................................@4.......4.......................................................2.......2..3... 0.......3..k..................................p...(.....................2..............................text... z.......|.................. ..`.data...tN.......P..................@....rdata...7....!..8....!.............@..@.pdata....... 0.......0.............@..@.bss.....j...02..........................CRT..........2.......2.............@....idata...;....2..<....2.............@....rsrc....3....2..4...L2.............@.../4...........04.......3.............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1882
                                                                                                                                                                                                          Entropy (8bit):4.658116184932645
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:60wIlJhxWXs/2h8OjrGCLyO7OjO6NsVhVyQk7FUBL9HuTsx0refVS+IsZZsznGd2:HTP8gE8OvnKy6NsVu7FYLswlW/
                                                                                                                                                                                                          MD5:CC0F8B66BFEDC67DA8DBB2A7DF2AA006
                                                                                                                                                                                                          SHA1:C6D86CC43A042581E389DC9A28AFFDDF64294AC8
                                                                                                                                                                                                          SHA-256:CDDD0F35F7351E6F19486CCD7EEE5D31F0134C5C3554A12C7D51131DDE8E29CD
                                                                                                                                                                                                          SHA-512:A4AEC40AC6BEA2ADACF15829AEEEBE66117473A542303024669A828710C6AFD072C0F4890A6A334B35AC894A1A80A5BDD5E91A6FFCB7149540E304117A7E5800
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#write down modulenames that are commonly used by games..#this decreases the number of wrong results in various types of memory inspection....1911.dll..speedtreert.dll..visionengineplugin.vplugin..vision90.dll..vbase90.dll..nvscpapi.dll..physxcore.dll #nvidia physx..nxcooking.dll..physxloader.dll..physxextensions.dll..cudart.dll..openal32.dll..vorbisfile.dll..ogg.dll..vorbis.dll..vorbisenc.dll..vorbisfile.dll..binkw32.dll..bink2w64.dll..iconv.dll..gameoverlayrenderer.dll #steam..steam_api.dll..steam_api64.dll..steamclient.dll..steamclient64.dll..tier0_s.dll..vstdlib_s.dll..steam.dll..steam2.dll..mss32.dll..dbghelp.dll..umbra.dll..unrar.dll....#CE dll's..cehook.dll..allochook.dll..allochook-x86_64.dll..allochook-i386.dll..vehdebug-i386.dll..vehdebug-x86_64.dll..speedhack-i386.dll..speedhack-x86_64.dll..luaclient-i386.dll..luaclient-x86_64.dll..d3dhook.dll..d3dhook64.dll..ced3d9hook.dll..ced3d9hook64.dll..ced3d10hook.dll..ced3d10hook64.dll..ced3d11hook.dll..ced3d11hook64.dll..luaclient-
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):132
                                                                                                                                                                                                          Entropy (8bit):6.593562490537789
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:O18qyj/0fZMX/ferOk9OWtW2kdT0PgluBKd9cCkAl8F:O10/3er/X1Y4BKtJuF
                                                                                                                                                                                                          MD5:A4B42FDCA7043792CCC37C611DB21075
                                                                                                                                                                                                          SHA1:17CBF2EC6ECA6BD0CAF1DA78AF51D9F363151168
                                                                                                                                                                                                          SHA-256:8B8955524079508FEC59D396A891110660AE2486F24BC8BCBCDBCC975BB49AE7
                                                                                                                                                                                                          SHA-512:B6877F5B5B88A9B05A85F562D975A8820ACAC3773AA5FB91CEB1DA6C731C90C486A6AAF78DF6EDCF69B0EA74286DC7CC8FA2CBF98453539EFA55EC18D38116BB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1113504
                                                                                                                                                                                                          Entropy (8bit):5.932626447270598
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:3+hKmLazchlUT5PzJXmGFYKUeMzkMz7S480UJ+RNdO24a/s0X4G:Uy4n8VWGQdS480U4RN20X4G
                                                                                                                                                                                                          MD5:CCD151D8EE8ED05AA0E1D9142FD6E438
                                                                                                                                                                                                          SHA1:8D343BBC1A6F2D5D9ED8813427635696291C8F0D
                                                                                                                                                                                                          SHA-256:5C929F453DB7F0703BC8F939E39D48C79ECAB9E453918E5D0CD136C8026474CC
                                                                                                                                                                                                          SHA-512:DCB0B9A9B2908D5D55214F6A261B0A8C08889603CFABC327A7A82387012925BBF486B5C28B5250E9449FF9758748A021023C99EE02B59ABBB7B3C979A06DAEB4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0.Z't.4tt.4tt.4t..0ux.4t..7ur.4t..1u.4t.3.t~.4t&.1ui.4t&.0ue.4t&.7u~.4t..5uw.4tt.5t).4t..0uu.4t..1uu.4t..4uu.4t...tu.4t..6uu.4tRicht.4t........PE..d.....6c.........." .....\..........o........................................ ............`.............................................d......(.......<.......\........k..........@...8............................................................................textbss.A...............................text....Z...`...\.................. ..`.rdata...@.......B...`..............@..@.data...............................@....pdata..X...........................@..@.idata..r............Z..............@..@.msvcjmc8............l..............@....00cfg...............n..............@..@.rsrc...<............p..............@..@.reloc..7............v..............@..B................................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):104
                                                                                                                                                                                                          Entropy (8bit):4.292808527787486
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:VSPAiQ7UeSaClo+tHEu3jdXgOYsO:Vr7Ueyl4u3jdQOS
                                                                                                                                                                                                          MD5:A2E60A2F01F69D0DA415C58F25C37E5B
                                                                                                                                                                                                          SHA1:FA1A0D6183FEE10DE5FA4C554370556217E3AF26
                                                                                                                                                                                                          SHA-256:DC9354CCF9667D1E5CA13D6468BA2C258256042D7C25E6D91ADE7F8E2A2FF3BF
                                                                                                                                                                                                          SHA-512:CE7F5F8365D2EF3DA14D4123CC7EF053A7F99E8F98D47E6C5967F267B8EC7FDAC2DA993D0FC26DF8EB2FACE176BA56B7359BA1F29F021E1DFDD561B15EFE64AF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#Enter modulenames you do not wish to trace..#kernel32.dll #example. comment out to ignore kernel32.dll
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):161688
                                                                                                                                                                                                          Entropy (8bit):6.832669552984183
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:K3uc99F6AOdjfTOZztxlGWGXLQbcpNk6FowD6QcEY7Xjl5hf8keDQa/c7usWjcd6:K3ukXTNGp7+6zaEY7Zf/a0ye3ZoOvKOS
                                                                                                                                                                                                          MD5:DF443813546ABCEF7F33DD9FC0C6070A
                                                                                                                                                                                                          SHA1:635D2D453D48382824E44DD1E59D5C54D735EE2C
                                                                                                                                                                                                          SHA-256:D14911C838620251F7F64C190B04BB8F4E762318CC763D993C9179376228D8CA
                                                                                                                                                                                                          SHA-512:9F9BEA9112D9DB9BCECFC8E4800B7E8032EFB240CBBDDAF26C133B4CE12D27B47DC4E90BC339C561714BC972F6E809B2EC9C9E1FACC6C223FBAC66B089A14C25
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:..U~...~...~...s...^...s.#.i...s.......w.o.}...~...'....v..g....v .....s.'......v".....Rich~...........................PE..L....d.W...........!.........................................................p......w.....@................................. ...(....@...................g...P..(...p...8...........................h...@...............4............................text............................... ..`.rdata...T.......V..................@..@.data... =..........................@....rsrc........@......................@..@.reloc..(....P......................@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):132
                                                                                                                                                                                                          Entropy (8bit):6.608714005689305
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:/toxN4m4GbUss7S2tY1wnwi9DU4liplagVMlWqOUFgaUSR708:Lm4GbnkSHunwlaiplNmlVOUaar08
                                                                                                                                                                                                          MD5:FE5E5B8B50F441DD772BFA1996AC744E
                                                                                                                                                                                                          SHA1:11D00533ADE98E94C7C6609F4E4B002A94CB440C
                                                                                                                                                                                                          SHA-256:A769BC72C97106722BF5CE8D76AFDC3EC54FC38931872B0637D8B7A281FFFE22
                                                                                                                                                                                                          SHA-512:559FB92A2C58B84AC1CDA6115AA175B0285EA98903EB1F6C91E3A0ECF39F6D667711F97D0EFF8CD98BA25256EC7B339E38D892A90186DB482587E1A80462A6EB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):339864
                                                                                                                                                                                                          Entropy (8bit):6.56829741282491
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:ZnVdQfxRaiC76I/wZGteu+WJrXeN6joNtMrvMl9u61s1JGTBHpMqdmgIIE5pY2B:jdsxs6I6k9MUoNt2vSs8KqdmgIIE/b
                                                                                                                                                                                                          MD5:A358DAE60F1C0F6A633F98B1E4D3E850
                                                                                                                                                                                                          SHA1:2016F1FB0F8000E515602498432951B7C5BC5ACA
                                                                                                                                                                                                          SHA-256:25C648CFDB4CDBBB13630ADC7C14F2BB556C98F5CD1DCBECAFFA91629D2D4A4C
                                                                                                                                                                                                          SHA-512:879B5E95CF7F06E105930724BBC6967B367417DCE390A15DE48BF5CE76CE2435EA4A59095AB67EEE5A05FA41126DDB984C2154ABA34B33FAC895A1CCC2D2A617
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):386976
                                                                                                                                                                                                          Entropy (8bit):6.870368063282166
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:359aKWK/HqY5AXeWEfv6TBr4udWNrzJD10P9TQmxhAIXiCUXEC+Y4r/w2MGkTkm/:J9WsHse9fvcBrnd8rzZ10eMhEChC+Ygi
                                                                                                                                                                                                          MD5:486237BC5FA41DCE8C3022B9B6221FE5
                                                                                                                                                                                                          SHA1:C00BA51895DEAB2054C6F0F7DD3CF397E119C6FE
                                                                                                                                                                                                          SHA-256:4E2C87700CCDD3B34215C6BC64AE4582AC5FF373CFD3E93E8F7D2016960BA80D
                                                                                                                                                                                                          SHA-512:5F4010D8F9B0C865DE209E90625F178C8A7370AF1F7BE85552147EBD9EE7D033B01DD5A277FB646E2D289D2821462ADBB0959E507CD0A044CE79CB1C526A385B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (520), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):215333
                                                                                                                                                                                                          Entropy (8bit):4.786182096058482
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:VcIxsXTXvMeRTWJANaOOwubWiSe65oCmL/+5y/McvJVNry++Ctso2NwVWy+cOcEV:JLSRgun
                                                                                                                                                                                                          MD5:924416232DF99AEF96A2D9E8125AFE78
                                                                                                                                                                                                          SHA1:7F29A338CEFA00BE5FCDC8B94C41FFC31EE625B9
                                                                                                                                                                                                          SHA-256:77C6D324F03A8429BCE858824CFFFCFB7A50D39616D2F9D2729910E086F5AD9A
                                                                                                                                                                                                          SHA-512:470C55E302C86353584EEABB3510B4EFF6353ED16F549DB7C155B2C8283216F2B413D77C9FE20A12F6F55A07C9BE24614DF3A8F5B2CABF1597010249239D63F5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:List of CE specific functions and variables:....Global Variables:..TrainerOrigin : A variable that contains the path of the trainer that launched cheat engine (Only set when launched as a trainer)..process : A variable that contains the main modulename of the currently opened process..MainForm: The main ce gui..AddressList: The address list of the main ce gui......Global Functions:..getCEVersion(): Returns a floating point value specifying the version of cheat engine..getCheatEngineFileVersion(): Returns the full version data of the cheat engine version. A raw integer, and a table containing major, minor, release and build....getOperatingSystem(): Returns 0 if CE is running in Windows, 1 for Mac....darkMode(): Returns true if CE is running in windows Dark Mode. Has no effect on mac....activateProtection(): Prevents basic memory scanners from opening the cheat engine process (Not that useful)..enableDRM(altitude OPTIONAL, secondaryprocessid OPTIONAL ) : Prevents normal memory scanners f
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):132
                                                                                                                                                                                                          Entropy (8bit):6.561254441246199
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:OP/KrtviZQl8kimG0bj/xeRBtjajKdp2tAdNQL6aj:8/XQl823j5eRBtOjK2tGNe6aj
                                                                                                                                                                                                          MD5:735EAEA06DAE6CD67680127419FBA366
                                                                                                                                                                                                          SHA1:A38126141A4266CDBA17B22CBC4588D88CCFCEB5
                                                                                                                                                                                                          SHA-256:5A2D3E0F10E3701DFB251C3F270B00493CEAD1C3D1CEB34FF976D70C57DC1B58
                                                                                                                                                                                                          SHA-512:92374BDC99BDDDCC2A8B74049B9FF1623EE03B505BA2607E31301F95F2DF8EF3513ECAD4491E2B6B61934F64816E3E9AD3FA3B0914E96D6E55A4B4DF4ED5E028
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):205720
                                                                                                                                                                                                          Entropy (8bit):6.5406944146931805
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:KNyaW1Pg7kFtOp8+vRha0DAyheYn13qaIhRFXOucMEx33sOZrcOo:KNyal78m8+vRMEe4a4OEtTi
                                                                                                                                                                                                          MD5:6E00495955D4EFAAC2E1602EB47033EE
                                                                                                                                                                                                          SHA1:95C2998D35ADCF2814EC7C056BFBE0A0EB6A100C
                                                                                                                                                                                                          SHA-256:5E24A5FE17EC001CAB7118328A4BFF0F2577BD057206C6C886C3B7FB98E0D6D9
                                                                                                                                                                                                          SHA-512:2004D1DEF322B6DD7B129FE4FA7BBE5D42AB280B2E9E81DE806F54313A7ED7231F71B62B6138AC767288FEE796092F3397E5390E858E06E55A69B0D00F18B866
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16718264
                                                                                                                                                                                                          Entropy (8bit):6.110071636301838
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:393216:sjcp4nsiRMX7ZbqE14ImAfltGYav/HX8h:bbqE1RmLvvY
                                                                                                                                                                                                          MD5:EDEEF697CBF212B5ECFCD9C1D9A8803D
                                                                                                                                                                                                          SHA1:E90585899AE4B4385A6D0BF43C516C122E7883E2
                                                                                                                                                                                                          SHA-256:AC9BCC7813C0063BDCD36D8E4E79A59B22F6E95C2D74C65A4249C7D5319AE3F6
                                                                                                                                                                                                          SHA-512:1AAA8FC2F9FAFECBE88ABF07FBC97DC03A7C68CC1D870513E921BF3CAEAA97128583293BF5078A69AECBB93BF1E531605B36BD756984DB8D703784627D1877D1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):187288
                                                                                                                                                                                                          Entropy (8bit):6.46399109534477
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:XMTS4QqrM7BqUHEwXDVT6B8AF6aBBcFkLODeYJObCkEjOUkOG:XIQqrc7V5Trw6aBBcFk6CtbID4
                                                                                                                                                                                                          MD5:4A3B7C52EF32D936E3167EFC1E920AE6
                                                                                                                                                                                                          SHA1:D5D8DAA7A272547419132DDB6E666F7559DBAC04
                                                                                                                                                                                                          SHA-256:26EDE848DBA071EB76C0C0EF8E9D8AD1C53DFAB47CA9137ABC9D683032F06EBB
                                                                                                                                                                                                          SHA-512:36D7F8A0A749DE049A830CC8C8F0D3962D8DCE57B445F5F3C771A86DD11AAA10DA5F36F95E55D3DC90900E4DBDDD0DCC21052C53AA11F939DB691362C42E5312
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12502
                                                                                                                                                                                                          Entropy (8bit):5.40558493486102
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:0egHuderGTd4G9mSZk/8fdtINfbLmJFcSC5xm+9qh07EBS5pekFrLUK80u9ETxst:AHuderlSZk/8FtIF4umMqEpDg3fT
                                                                                                                                                                                                          MD5:62E1FA241D417668F7C5DA6E4009A5A6
                                                                                                                                                                                                          SHA1:F887409E3C204A87731F317A999DC7E4CC8D3FCD
                                                                                                                                                                                                          SHA-256:82E8EF7DF20A86791CEF062F2DCACB1D91B4ADC9F5DEA2FD274886BE8365B2F8
                                                                                                                                                                                                          SHA-512:2283CBB9E1D5D53AD1ED9BC9DB6034FB3C53C633B11001F373523640BBBBA95DA9A3A0866C7D5FA0620FACAB7D18C8577DFD69496FC7319E0A4A74D0B9E10C45
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--Defines:....--checkbox state defines..cbUnchecked=0..cbChecked=1..cbGrayed=2......--onMouseEvent button defines:..mbLeft=0..mbRight=1..mbMiddle=2..mbExtra1=3..mbExtra2=4......--memo scrollbar defines..ssNone=0..ssHorizontal=1..ssVertical=2..ssBoth=3..ssAutoHorizontal=4..ssAutoVertical=5..ssAutoBoth=6......bsNone=0..bsSingle=1..bsSizeable=2..bsDialog=3..bsToolWindow=4..bsSizeToolWin=5........--scan types: (fast scan methods)..fsmNotAligned=0..fsmAligned=1..fsmLastDigits=2....--rounding types..rtRounded=0..rtExtremerounded=1..rtTruncated=2....--scan options..soUnknownValue=0..soExactValue=1..soValueBetween=2..soBiggerThan=3..soSmallerThan=4..soIncreasedValue=5..soIncreasedValueBy=6..soDecreasedValue=7..soDecreasedValueBy=8..soChanged=9..soUnchanged=10......--debug variables..--Breakpoint methods:..bpmInt3=0..bpmDebugRegister=1..bpmException=2......--Breakpoint triggers:..bptExecute=0..bptAccess=1..bptWrite=2....--breakpoint continue methods:..co_run=0..co_stepinto=1..co_stepover=2....-
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):122776
                                                                                                                                                                                                          Entropy (8bit):6.859839225631497
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:QyfNvGKKZVGcuasOKQBBTff07PSZHCSVKOCDCA32XQaOCKnOEPChMOE6:lNvG7vGcIiBTMS18RD7325YO/hMOr
                                                                                                                                                                                                          MD5:2A2EBE526ACE7EEA5D58E416783D9087
                                                                                                                                                                                                          SHA1:5DABE0F7586F351ADDC8AFC5585EE9F70C99E6C4
                                                                                                                                                                                                          SHA-256:E2A7DF4C380667431F4443D5E5FC43964B76C8FCB9CF4C7DB921C4140B225B42
                                                                                                                                                                                                          SHA-512:94ED0038068ABDDD108F880DF23422E21F9808CE04A0D14299AACC5D573521F52626C0C2752B314CDA976F64DE52C4D5BCAC0158B37D43AFB9BC345F31FDBBC0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):36018
                                                                                                                                                                                                          Entropy (8bit):7.994007484272608
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:768:9vQvLQOAupOW0bBJ8RkEgh+zhlrKlfaMfToatTCCRFxg4Oaun:9Yv1bpOW0bBJ8goVUsMfcUvzOaun
                                                                                                                                                                                                          MD5:927EF77EFDA84808C9088632C76843E5
                                                                                                                                                                                                          SHA1:AA73E4C27F8A00DF4C9B8BD05088D483B5F8FF9B
                                                                                                                                                                                                          SHA-256:422A2989BABB5E9512C98B3FA24C4F5A0BA9A72C3C71A920C5F979316E1674C7
                                                                                                                                                                                                          SHA-512:98B6BA444008B5978D65FA83487465D700D6EEE721CE8990F1D2E034945F7650E7031E4B9E18C945FE81C6919E5213750DC4E2D86829988E25A3B237559E90E8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):262552
                                                                                                                                                                                                          Entropy (8bit):6.029187209935358
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:JViiO5Ea9m3XJusq4opSm7Im9SC2w/iKhF58jfq65bgusSVIRZOl0vDoD4CfOMsj:JVZcWJusRPm7kCdKfkkApZt
                                                                                                                                                                                                          MD5:19B2050B660A4F9FCB71C93853F2E79C
                                                                                                                                                                                                          SHA1:5FFA886FA019FCD20008E8820A0939C09A62407A
                                                                                                                                                                                                          SHA-256:5421B570FBC1165D7794C08279E311672DC4F42CB7AE1CBDDCD7EEA0B1136FFF
                                                                                                                                                                                                          SHA-512:A93E47387AB0D327B71C3045B3964C7586D0E03DDDB2E692F6671FB99659E829591D5F23CE7A95683D82D239BA7D11FB5A123834629A53DE5CE5DBA6AA714A9A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):132
                                                                                                                                                                                                          Entropy (8bit):6.551821770808043
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:SNjBeQx+FGOujzBAk+skvy2a4nfJKnBTa6C:+jkk+dsAk+Fzag+BTab
                                                                                                                                                                                                          MD5:ADAFB7CDCA51FC803718F25172652DD3
                                                                                                                                                                                                          SHA1:DD882B60A842B0992F478349898415A857934330
                                                                                                                                                                                                          SHA-256:B1B61B2570DBAF2747C4862B8429424514D300A7E14B5065C8BBB4B751179E7E
                                                                                                                                                                                                          SHA-512:D0B3D17F0F1EFB8F2F0BCAA1295AED08043F0218BCFA092A47D46308911EC4BC2441711CAB300B852DE3DBCED1C83536750B1A77A75EAE5C8CBF95991AA88714
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):210336
                                                                                                                                                                                                          Entropy (8bit):6.575377720318411
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:vWMJUr2f2Im9kj/FqgmHpJ1/YCVuIB9Vxv7bn1UC9gfkCeEWHFP0jHzP0Q:vWc02f2R6FqgoJ1boIPRUsfGjQQ
                                                                                                                                                                                                          MD5:A2C0B5D0D9E5C2A2C774E8B587850447
                                                                                                                                                                                                          SHA1:C8AA4CB01676D57B34AAB22C7FD018B63DFF6892
                                                                                                                                                                                                          SHA-256:F0F3D0FAD632D9DDAC8FF0B4EAEC20094FA0F9ABDDF784954DFBB0723A997F21
                                                                                                                                                                                                          SHA-512:85F4AEB562424ABF0E2BC5EDE0CDF0052FBB15E7DF70F691C11B06171A8A45A6672C2C688CD5B6FFEBEE16C36FDAC7978E39CA04F8C29F75D588D2ACA3599395
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):332704
                                                                                                                                                                                                          Entropy (8bit):6.512223997122371
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:UokW02RSGoOZQcW2jS95cM0EsZjv8trtH3Vizwy:ZkW02RsOKcWnDdMv8trtX0
                                                                                                                                                                                                          MD5:E9B5905D495A88ADBC12C811785E72EC
                                                                                                                                                                                                          SHA1:CA0546646986AAB770C7CF2E723C736777802880
                                                                                                                                                                                                          SHA-256:3EB9CD27035D4193E32E271778643F3ACB2BA73341D87FD8BB18D99AF3DFFDEA
                                                                                                                                                                                                          SHA-512:4124180B118149C25F8EA8DBBB2912B4BD56B43F695BF0FF9C6CCC95ADE388F1BE7D440A791D49E4D5C9C350EA113CF65F839A3C47D705533716ACC53DD038F8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):16708024
                                                                                                                                                                                                          Entropy (8bit):6.11289505731243
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:196608:H/KthjnNWKtC5bqOrXSFjmnIQGQCW/4PRtYRN3Ticx8cP:fKthjnNWKtC5bqOrXSjmnxGQaTdy8c
                                                                                                                                                                                                          MD5:910DE25BD63B5DA521FC0B598920C4EC
                                                                                                                                                                                                          SHA1:94A15930AAF99F12B349BE80924857673CDC8566
                                                                                                                                                                                                          SHA-256:8CAEF5000B57BCA014EF33E962DF4FCA21AEAD0664892724674619EF732440AD
                                                                                                                                                                                                          SHA-512:6FF910BB4912FEA1FA8FD91E47AE6348C8BF2EFF4F2F5F9EF646A775CA1ECFEF02C23F81BAF6FE2D0B0BDDA7617D91DF52E75DC6063E86EA0444B0538CBD4E6C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):202648
                                                                                                                                                                                                          Entropy (8bit):6.566120700945174
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:fr03mcDwt5b2+z615yQ7SLVTnyJYpgerOEmgsRBZnwO4oO8:fg3mrHb2+z615yQ7GnyOpFOEFKD2G
                                                                                                                                                                                                          MD5:9F50134C8BE9AF59F371F607A6DAA0B6
                                                                                                                                                                                                          SHA1:6584B98172CBC4916A7E5CA8D5788493F85F24A7
                                                                                                                                                                                                          SHA-256:DD07117ED80546F23D37F8023E992DE560A1F55A76D1EB6DFD9D55BAA5E3DAD6
                                                                                                                                                                                                          SHA-512:5CCAFA2B0E2D20034168EE9A79E8EFFF64F12F5247F6772815EF4CB9EE56F245A06B088247222C5A3789AE2DCEFADBC2C15DF4FF5196028857F92B9992B094E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):140696
                                                                                                                                                                                                          Entropy (8bit):6.856834819192468
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:onOLYqoZQBD3m7bmVLcuVGpGXlWXQznQN8erRxQEmsYOT1GlERbo3iV8n/7DkCWy:o4YqoZNHi7VBAXvXMZ7ll3iyn3WOR3Oc
                                                                                                                                                                                                          MD5:42E2BF4210F8126E3D655218BD2AF2E4
                                                                                                                                                                                                          SHA1:78EFCB9138EB0C800451CF2BCC10E92A3ADF5B72
                                                                                                                                                                                                          SHA-256:1E30126BADFFFB231A605C6764DD98895208779EF440EA20015AB560263DD288
                                                                                                                                                                                                          SHA-512:C985988D0832CE26337F774B160AC369F2957C306A1D82FBBFFE87D9062AE5F3AF3C1209768CD574182669CD4495DBA26B6F1388814C0724A7812218B0B8DC74
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):33688
                                                                                                                                                                                                          Entropy (8bit):7.20956664617613
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:zVYdpNkp9TvDXy2XmVEV3GPkjVvDXy2ulqwVEV3GPkjL:zVY1+nCDOEECDbOEw
                                                                                                                                                                                                          MD5:4ACE42D6530AF699FEB2372F805A6A40
                                                                                                                                                                                                          SHA1:FB8C7352808F104E851468F25D0DD14A25B8CFCA
                                                                                                                                                                                                          SHA-256:13DCE393B59B9EF4A5D4FCDC27267D018B350BDC44A62AACC5DBC7F1DF7F7A1C
                                                                                                                                                                                                          SHA-512:8BB770F304CD8BA23FB2A64370D74AC3FDC134235FF39802983B9BABDE12AB00E49A746F3C2113520F0E135CDFD1473C0B4B64272279D13E576912126AA556D2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):131480
                                                                                                                                                                                                          Entropy (8bit):6.84563405497219
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:jRXPVJPMo10+PfXl/IRTlsfQstLh66crJWeWyPCUpfrCWV13P1+CUOEvCvOEMI7:BdJPMlMb1g6e0dU9rf3P7UObvOja
                                                                                                                                                                                                          MD5:43DAC1F3CA6B48263029B348111E3255
                                                                                                                                                                                                          SHA1:9E399FDDC2A256292A07B5C3A16B1C8BDD8DA5C1
                                                                                                                                                                                                          SHA-256:148F12445F11A50EFBD23509139BF06A47D453E8514733B5A15868D10CC6E066
                                                                                                                                                                                                          SHA-512:6E77A429923B503FC08895995EB8817E36145169C2937DACC2DA92B846F45101846E98191AEB4F0F2F13FFF05D0836AA658F505A04208188278718166C5E3032
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):140184
                                                                                                                                                                                                          Entropy (8bit):6.5832665674944435
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:6UoPePVhoZB34/UWFdQomnRepTPFn35eoONSO2:j8ZBvWrnmnR2Un+
                                                                                                                                                                                                          MD5:61BA5199C4E601FA6340E46BEF0DFF2D
                                                                                                                                                                                                          SHA1:7C1A51D6D75B001BA1ACDE2ACB0919B939B392C3
                                                                                                                                                                                                          SHA-256:8783F06F7B123E16042BB0AF91FF196B698D3CD2AA930E3EA97CFC553D9FC0F4
                                                                                                                                                                                                          SHA-512:8CE180A622A5788BB66C5F3A4ABFDE62C858E86962F29091E9C157753088DDC826C67C51FF26567BFE2B75737897F14E6BB17EC89F52B525F6577097F1647D31
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):201
                                                                                                                                                                                                          Entropy (8bit):4.465403493165412
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:JW4+sNv/lQBAHpbs/UcUFJKPACcAE8J6Xv:JB+slzs/tUrKcbXv
                                                                                                                                                                                                          MD5:62771A63FDC87764BFF87D82918AB02A
                                                                                                                                                                                                          SHA1:8E468DED8CED87A10470BD5594337A854FF344BA
                                                                                                                                                                                                          SHA-256:5C16124BA0B39214BECB1AF4161BD82147AD8468879A3FD8E9FACC656A1D2E6F
                                                                                                                                                                                                          SHA-512:8D1792B712504336CAC0B175146F2B7EAEDA043BD3941C7B7C54CF926A4BA4835F0EFF7A2AD5C7B5509F80E7420C3F5F94200D4C3F922DB92B807E20E09A84D0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--This lua script gets loaded when Cheat Engine loads..--You can use this to define some often used functions and libraries you'd like to use....require("defines")....--for documentation read celua.txt
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):183200
                                                                                                                                                                                                          Entropy (8bit):6.842191242335636
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:KAm/u5ImKJacvUOQC2mCDiGuTEG2BiERGNcCYOqtwyROYeoHVP0bkHnP0z:Niu5MJa9hZun2BiERaEwyOM2Qsz
                                                                                                                                                                                                          MD5:F1C9C9A8B035DA9385D88CA34CD49305
                                                                                                                                                                                                          SHA1:77E48F73C224949EC8BD8A32087609B7BF217E94
                                                                                                                                                                                                          SHA-256:4168D6408994A297665AEEA68ABB6C062D58EA00851751959557E7F8A8BAC17D
                                                                                                                                                                                                          SHA-512:D7BD2FC8592E18CA46CDF1DC74496CF3CB5EF991F4BD9E141DEEABA0F665E731A5953CAAF1CD39859817EB6D0C1B77700FE08EEED15320757B3FA36D798C4C7B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):266648
                                                                                                                                                                                                          Entropy (8bit):6.017604835530295
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:KK2iOI60nWU4NJ4twEywGLOJQbcOL9z32fY8iV1OQfkz5w4Q7hk1D2oOyPOP:KKu0WU4J0w6xJkBAY8i7fkaThkA4g
                                                                                                                                                                                                          MD5:DD71848B5BBD150E22E84238CF985AF0
                                                                                                                                                                                                          SHA1:35C7AA128D47710CFDB15BB6809A20DBD0F916D8
                                                                                                                                                                                                          SHA-256:253D18D0D835F482E6ABBAF716855580EB8FE789292C937301E4D60EAD29531D
                                                                                                                                                                                                          SHA-512:0CBF35C9D7B09FB57D8A9079EAB726A3891393F12AEE8B43E01D1D979509E755B74C0FB677F8F2DFAB6B2E34A141F65D0CFBFE57BDA0BF7482841AD31ACE7790
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):423328
                                                                                                                                                                                                          Entropy (8bit):6.077270660749132
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:gLJXTQOQV/MzZTixW5GmL7HOf0ADMTE21gFOpJz:Q+V/M9WWnL7HOf0ADMIuR
                                                                                                                                                                                                          MD5:8D487547F1664995E8C47EC2CA6D71FE
                                                                                                                                                                                                          SHA1:D29255653AE831F298A54C6FA142FB64E984E802
                                                                                                                                                                                                          SHA-256:F50BAF9DC3CD6B925758077EC85708DB2712999B9027CC632F57D1E6C588DF21
                                                                                                                                                                                                          SHA-512:79C230CFE8907DF9DA92607A2C1ACE0523A36C3A13296CB0265329208EDC453E293D7FBEDBD5410DECF81D20A7FE361FDEBDDADBC1DC63C96130B0BEDF5B1D8A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):28924
                                                                                                                                                                                                          Entropy (8bit):7.991784495689372
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:768:SSHnnhPVVYCzrpCuqOMWlPLe1uvY1R78Occgok:SSHnnJDXZY1RgOccK
                                                                                                                                                                                                          MD5:FE3637780172B207CB31BB3DC612CD34
                                                                                                                                                                                                          SHA1:B65FA4078DCB813EBBA16784C80BC7A0E71025DD
                                                                                                                                                                                                          SHA-256:080A0AE9634FB07F2E9B1DDEA31491564195865DCD2B6201E1A10A13E8CDD5E9
                                                                                                                                                                                                          SHA-512:8F1DA48E6F224B7E7E6EF26D11D3C484A254E9A335DA9E59B837A81F9B7DB501039F31EF9AD055A07BB139BC1147C114923742C3204156AE3371A0F225A433CC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):399264
                                                                                                                                                                                                          Entropy (8bit):6.025523802176381
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:G0N02KsbnIU70vYrRHAjC0Y0glwgugEnoSE5jq:U2tIUYArRv0Y0glwgugEnoSE5jq
                                                                                                                                                                                                          MD5:F921416197C2AE407D53BA5712C3930A
                                                                                                                                                                                                          SHA1:6A7DAA7372E93C48758B9752C8A5A673B525632B
                                                                                                                                                                                                          SHA-256:E31B233DDF070798CC0381CC6285F6F79EA0C17B99737F7547618DCFD36CDC0E
                                                                                                                                                                                                          SHA-512:0139EFB76C2107D0497BE9910836D7C19329E4399AA8D46BBE17AE63D56AB73004C51B650CE38D79681C22C2D1B77078A7D7185431882BAF3E7BEF473AC95DCE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4210080
                                                                                                                                                                                                          Entropy (8bit):6.041283402178925
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:aMiOO5AqojVbq2s2Kyvzq/9E3piKR+77v5WiESldKtyQ6WuDgRPOjgy+OSijV:aMiOOaBbq2VVvnlykESip
                                                                                                                                                                                                          MD5:AEC662CEAE2C4D5ABAEEEE084D828582
                                                                                                                                                                                                          SHA1:A57CEB95E3FD3F8E8C59C0B7E913E2681B64751D
                                                                                                                                                                                                          SHA-256:2DD35A044D1291D593F1DA15C40FD124DA3E4D52D0D045EC61465B725E58079D
                                                                                                                                                                                                          SHA-512:FF28EB79795A6D4AD97A5C79CEB5314208C616BE7CC9196622B9BB2AB8149C6CAA166EED6165923DC8FA253A400422CBEE9E061E72DCF61CE66C700D1451AE7A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):268704
                                                                                                                                                                                                          Entropy (8bit):5.837891086948313
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:0drkqKo/nt7PrwnoK0M6EZgugEkkoSE5O7Z3LLr:6rkm9mP6EZgugEnoSE5OB
                                                                                                                                                                                                          MD5:9A4D1B5154194EA0C42EFEBEB73F318F
                                                                                                                                                                                                          SHA1:220F8AF8B91D3C7B64140CBB5D9337D7ED277EDB
                                                                                                                                                                                                          SHA-256:2F3214F799B0F0A2F3955DBDC64C7E7C0E216F1A09D2C1AD5D0A99921782E363
                                                                                                                                                                                                          SHA-512:6EEF3254FC24079751FC8C38DDA9A8E44840E5A4DF1FF5ADF076E4BE87127075A7FEA59BA7EF9B901AAF10EB64F881FC8FB306C2625140169665DD3991E5C25B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):127384
                                                                                                                                                                                                          Entropy (8bit):6.856313478886397
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:yq8Iw0TnMfrUEuKo+w/lT35oBqhSw3kmuqW3Crf0d3N1NsCeOEy6jCMpOEsC:yq8IdTMTyXUR2JJry3NreOnMpOu
                                                                                                                                                                                                          MD5:5F1A333671BF167730ED5F70C2C18008
                                                                                                                                                                                                          SHA1:C8233BBC6178BA646252C6566789B82A3296CAB5
                                                                                                                                                                                                          SHA-256:FD2A2B4FE4504C56347C35F24D566CC0510E81706175395D0A2BA26A013C4DAF
                                                                                                                                                                                                          SHA-512:6986D93E680B3776EB5700143FC35D60CA9DBBDF83498F8731C673F9FD77C8699A24A4849DB2A273AA991B8289E4D6C3142BBDE77E11F2FAF603DF43E8FEA105
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):446368
                                                                                                                                                                                                          Entropy (8bit):6.635233277412147
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:aSn7zUunHkqypGYKKOyt8GMyKw0ORVdPpEPwkdRHhvOOZoU/wC/cQBi4Blb:nzU8E9GDWKMRPAZhvpoUOo
                                                                                                                                                                                                          MD5:069EC7832ADBF93BD04A91B07FF00D78
                                                                                                                                                                                                          SHA1:5ED84D13FFCEF487EB039CD75DE91294C25ED0CC
                                                                                                                                                                                                          SHA-256:8C8C608AE67F8B8A4E56DAF2EDEA1A92CBA6866D4F324BD0E5AD1284126849A7
                                                                                                                                                                                                          SHA-512:D9E9D40DE2509B112762ADE7EF0BB6DB91EB5687AE6EA9689ABD7A7AF8BA601297655587EEF34F7D1DAC62D77E5B586BE71B19F044EBF53028CFE90DDCE776F8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):55173
                                                                                                                                                                                                          Entropy (8bit):7.995644990698608
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:1536:aPQbr8Hv6jZwnB8K5vHTcM2b9+lmFD/cEt1kbD5F:Tbr8Hv6ji75vHTx9kD/cquP
                                                                                                                                                                                                          MD5:3885F7AF9007DF5A9874E61EDBB45F58
                                                                                                                                                                                                          SHA1:F7A7719E5A9036604CC64922FF2DC4FD40D253DD
                                                                                                                                                                                                          SHA-256:52EAA08C57AA0BA9737ED4413786DAB747DF4C692F34BF601D4FB0B37F231D08
                                                                                                                                                                                                          SHA-512:CAFF16F4171D205A1B44B18651FBA7B72D33F7FDD657C5EBA44853B26929B3F48749D9C5B07F158EA903D41C09A905D27D0A4E3D7B6228550B8C255FC64D5A3D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):206232
                                                                                                                                                                                                          Entropy (8bit):6.577803539808585
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:ZyuXZus0fJ34+UZQ5IvR2diworEdVpRmY:nXZgV4dkIJfrEdVt
                                                                                                                                                                                                          MD5:DE625AF5CF4822DB08035CC897F0B9F2
                                                                                                                                                                                                          SHA1:4440B060C1FA070EB5D61EA9AADDA11E4120D325
                                                                                                                                                                                                          SHA-256:3CDB85EE83EF12802EFDFC9314E863D4696BE70530B31E7958C185FC4D6A9B38
                                                                                                                                                                                                          SHA-512:19B22F43441E8BC72507BE850A8154321C20B7351669D15AF726145C0D34805C7DF58F9DC64A29272A4811268308E503E9840F06E51CCDCB33AFD61258339099
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#........t...D)..0........ ...............................@..................................................P........................g.......#...................................................................................text............................... ..`.data...t.... ......................@....rdata..0d...@...f... ..............@..@.bss....D)...............................CRT................................@....idata..............................@....rsrc...............................@....reloc...#.......$..................@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1112834
                                                                                                                                                                                                          Entropy (8bit):7.995534990823338
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:24576:H1XCCswrgMlbH4v3Cj6N3yHORtmV7VJPX/uPQDNDcpLwBlxaZm5g5Gvh6at0:ACRlbHhj6N3vR4Vt/uSN2L6LaZAgcvHC
                                                                                                                                                                                                          MD5:38B22DEDFBCAFE1376ACEB7A0722FB8F
                                                                                                                                                                                                          SHA1:6C96AA4E7C71C82A82951443BA6DAE9019601E55
                                                                                                                                                                                                          SHA-256:F092D81531B8603A52F70245D041E2C43B020280BD9F358172330FF405E451CD
                                                                                                                                                                                                          SHA-512:135EF19161572A57AE1BC618C6CC7FDE889BD1A5C88E6125080C3712E7F0AE96F2A9B7728765C1B115F91CE48200CA47CA0C43E31625CBD11DFFA181610F03CA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):443296
                                                                                                                                                                                                          Entropy (8bit):6.630155817797785
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:bdQpG4IhjOSudLX4PGUGTdVwYr9ABfpMqYFOso5WMKYnTrLxWAld/wydfCigAA:apG4w5upwGTv9GWov1nlVAV
                                                                                                                                                                                                          MD5:0C7D89B75430A40824A5D7B79890324E
                                                                                                                                                                                                          SHA1:7E03E3D5386B1ED49104C3B35E44A545863BCBB9
                                                                                                                                                                                                          SHA-256:6B21B24279309F4117F8E39CDAF940F645C15D92442990A77655C8F898BB2227
                                                                                                                                                                                                          SHA-512:31453A2575FD7674AC7802DC8F740C79D357AD3464869F6EFD5E4A3892114EE9767715EBCA0D39E5B39CA8DA7BFED7E671D3EB24DBFB698C57ECA196D4FDFC85
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......H.mD............i.......i.......i........K......^.......^.......^.......i...........R...................................Rich............PE..d...8.6c.........." ................ %..............................................`{....`.........................................`........!..(................1...X...k...... .......p............................................................................text............................... ..`.rdata...).......*..................@..@.data...RX...0......................@....pdata...1.......2..................@..@.rsrc................N..............@..@.reloc.. ............P..............@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):455072
                                                                                                                                                                                                          Entropy (8bit):6.627282046325032
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:8NqQopGY6gsnGubx5JbmZl2Wjm+9498RkaGlef/AYbAPrqEThN0dWI/mo1pdUMMe:fQoIfvxCc64fauA0lhydIo1AfDW
                                                                                                                                                                                                          MD5:E8DFC0D2D41483C7725E4EBB7E32D324
                                                                                                                                                                                                          SHA1:B2890C91EFBA390B68E481CD2EE311136B740EDE
                                                                                                                                                                                                          SHA-256:1172F2D7B1FB34408C8FFC248E3E719922843EA07BD5B409BE3405D1C300B3F7
                                                                                                                                                                                                          SHA-512:539A1BD18D4753D69756B9B7E6603DD6E7A3F354CA002DECE206F7E2F1E2792704F3D80F38B37C0C41F16A1FD9DE32CC4DD5873959D762C5AA13388715EE7803
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................................8...Fi...................................................Q...........Rich...........PE..d...5.6c.........." ................P5...............................................h....`..........................................<.......?..(...............d2.......k..............p...........................p................................................text............................... ..`.rdata...8.......:..................@..@.data....X...P.......<..............@....pdata..d2.......4...H..............@..@.rsrc................|..............@..@.reloc...............~..............@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1767
                                                                                                                                                                                                          Entropy (8bit):4.60229123925247
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:vWKOiRBBMn0KciKvm/QRQY0cCu9llVyZVkFNS5Ns:ZqsRWQb91/NS5Ns
                                                                                                                                                                                                          MD5:05E8F84A134363796895E8AB8089619A
                                                                                                                                                                                                          SHA1:D6925DDDE83B117D7310C4A257DD9EE444245612
                                                                                                                                                                                                          SHA-256:D8462C8704A83973632D5F38D36F7852BF78D8A81C43BBC2F5AC8FF3A4D8B658
                                                                                                                                                                                                          SHA-512:C63F273EDB9411AA15F6B0C94C5FDE7189A33DCBD50141BB85D3BD31A4A009B1E5F6CF93E10A4300A39F0431452C49070C37D5907965CE49CCB4CED4BFB70EBA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:create a language folder for your country (appropriate folder names are in the format of: en_US, nl_NL, ru_RU, etc...)..copy the .po files to the appropriate folder and then start editing ......Order of picking:.. if there is a cheatengine.po it will pick that, else cheatengine-x86_64.po and if that fails cheatengine-i386.po.. the 32-bit version can work perfectly fine with the 64-bit po.... Same for the tutorial......By default it picks the system language, but you can overide this by adding --LANG langstr or -l langstr to the parameters of Cheat Engine......editing po files...There are some po editing tools but you can also do it by hand..msgid contains the original string and msgstr contains the translated string...If msgstr is empty the original string will be shown....Certain strings are not present in the cheatengine.po file, but are present in lclstrconsts.po..The lclstrconsts.po file belongs to the LCL that the Cheat Engine GUI is build upon......Custom name for your transla
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4485
                                                                                                                                                                                                          Entropy (8bit):4.847226854261297
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:IAK8957xHV03E5IDRH3Y8LUHPop+1dpmq3W2D40AujDHZYnAd9BaJ5:IqJ6EURIvOScBj01ZYnAzcH
                                                                                                                                                                                                          MD5:FC3504DD7281F478FA29530B4BDBC3D8
                                                                                                                                                                                                          SHA1:084D65DF95350C869D5DDEFB53C0436236FCF4C7
                                                                                                                                                                                                          SHA-256:162E0DE680FE0E8BCABB09F9D51259A1CE5F83B481BBFC32DE055E0C7CEFC33C
                                                                                                                                                                                                          SHA-512:FCDB7F5244DD8EFB6448BA15B621B49D5F24E0AD79A02C5F1F91664A9CDA2C548540961075FA819DCF7459602EFCC41C34670B32B0A16A6639E4598BF76BDA28
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#: java-AAF..msgid "Auto assembler failed:"..msgstr ""....#: java-JEST..msgid "Java:eventserver terminated"..msgstr ""....#: java-JD..msgid "Java:Disconnected"..msgstr ""....#: java-JUER..msgid "Java:Unexpected event received"..msgstr ""....#: java-JEHT..msgid "Java:Event handler terminating"..msgstr ""....#: java-IJS..msgid "Invalid java signature"..msgstr ""....#: java-ARTANS..msgid "Array return types are not supported"..msgstr ""....#: java-PCDNM..msgid "Parameter count does not match"..msgstr ""....#: java-SWNS..msgid "Scantype was not set"..msgstr ""....#: java-Class..msgid "Class"..msgstr ""....#: java-Method..msgid "Method"..msgstr ""....#: java-Position..msgid "Position"..msgstr ""....#: java-MI..msgid "More info %s.%s(%d)"..msgstr ""....#: java-TDMATGV..msgid "The following methods accessed the given variable"..msgstr ""....#: java-results..msgid "results"..msgstr ""....#: java-OWWTJAILAS..msgid "java_find_what_writes only works when the jvmti agent is launched at start"..msg
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):284
                                                                                                                                                                                                          Entropy (8bit):4.462768521135749
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:InTTzQ9vrJXm6D9AMXqnTzQ3Lz2oVX2aT5WnpXMZBhnpl:InT4O6D+Nn43PYaTVZ/
                                                                                                                                                                                                          MD5:684C9B4A3EE100B044C2BFB0EDD64919
                                                                                                                                                                                                          SHA1:9A8AC81C35F3EA58E97D3A083E3FECA83F01A0AA
                                                                                                                                                                                                          SHA-256:E4283FFAB471763663C189527C805C6985B92C252074727A41E304839C45AB91
                                                                                                                                                                                                          SHA-512:B15DCC949F588C612F3A92D0DEFED4CEA025C86ED4C27E8B3BDF52A218CDE913B89FF4079A419D068CA4EA2793534246A4D17EB25BA4A45D6F5A19639B300E37
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#: SS-OaPF..msgid "Open a process first"..msgstr ""....#: SS-CESF..msgid "Cheat Engine Scan files"..msgstr ""....#: SS-OaPFDaS..msgid "Open a process first and do a scan"..msgstr ""....#: SS-SSS..msgid "Save scan session"..msgstr ""....#: SS-LSS..msgid "Load scan session"..msgstr ""
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with very long lines (516), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):28896
                                                                                                                                                                                                          Entropy (8bit):4.8485599257299
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:jObDfIDkxEV6uOssgT33Nm61682jD1gSuKlRr0ol425ESJoD/LmdSHdd+drGbzMz:jiDfISv9k+tjYo0ol4YOCU9d2mzMaq
                                                                                                                                                                                                          MD5:30F95F6B621C5619BCF23592F634DFE7
                                                                                                                                                                                                          SHA1:824308A98923960760C0E37C8411091A40A42ED0
                                                                                                                                                                                                          SHA-256:E10D0B9DF7A59FC657AAA4355B884E7905FDC009612D39C89CB8561CF6049C18
                                                                                                                                                                                                          SHA-512:70934880CD569D4B8179F1420EF7429571F92548B573C8D83A8FAE789D85EA7C79B59E9A4667515BEF03EA186B81961893E522743D7A1F19A8EDD755D85B1228
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:msgid ""..msgstr "Content-Type: text/plain; charset=UTF-8"....#: tform1.btnok.caption..msgctxt "tform1.btnok.caption"..msgid "OK"..msgstr ""....#: tform1.button1.caption..msgctxt "tform1.button1.caption"..msgid "Next"..msgstr ""....#: tform1.caption..msgid "Cheat Engine Tutorial v3.4"..msgstr ""....#: tform1.edtpassword.hint..msgid "Use this to go imeadiatly to the step you want to try"..msgstr ""....#: tform1.edtpassword.text..msgid "090453"..msgstr ""....#: tform1.label1.caption..msgid "Password"..msgstr ""....#: tform10.button3.caption..msgid "Restart game"..msgstr ""....#: tform10.button4.caption..msgctxt "tform10.button4.caption"..msgid "Attack"..msgstr ""....#: tform10.button5.caption..msgctxt "tform10.button5.caption"..msgid "Attack"..msgstr ""....#: tform10.button6.caption..msgctxt "tform10.button6.caption"..msgid "Restart game and autoplay"..msgstr ""....#: tform10.button7.caption..msgctxt "tform10.button7.caption"..msgid "Attack"..msgstr ""....#: tform10.button8.caption..msgc
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):772
                                                                                                                                                                                                          Entropy (8bit):5.014428182186076
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:IxYsI/YaxIBqhAsSIebWFIIcGnIAqWIeyIwZ5GmyI48DqVpDYybxIqUcO:IxBaQDsabWFup5zvD6DnbbO
                                                                                                                                                                                                          MD5:F67F26AECAC8F570A9EB02F0929ABAC5
                                                                                                                                                                                                          SHA1:43DB5011E744CFD43E4446B73BEC1178FA55C80D
                                                                                                                                                                                                          SHA-256:A31280A8CF98B30556BD99B25781D09686E67D85C3EB89D42584832A18962AD0
                                                                                                                                                                                                          SHA-512:DA06E6DFCC7DCA2E9F6017D316B2EC685135C6FD0F5C4F0C83960D3C4A3C503CF9FF205D619BDA77987A36E789E78804FDDD7A9DF84562789D2CFE42A7EE6E0C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#: VC-U2CVICNEL..msgid "Unable to check version (Invalid content, not enough lines)"..msgstr ""....#: VC-U2CVIC..msgid "Unable to check version (Invalid content)"..msgstr ""......#: VC-CFNV..msgid "Check for new version"..msgstr ""....#: VC-NCA..msgid "Cheat Engine %s is available at www.cheatengine.org. Go there now?"..msgstr ""......#: VC-UP2D..msgid "You are up to date. The latest version is %s"..msgstr ""....#: VC-WTF..msgid "Unable to check version (Can't connect)"..msgstr ""....#: VC-UPDATETO..msgid "Update to %s"..msgstr ""....#: VC-UPDATETO..msgid "In how many days should I notify you again?"..msgstr ""....#: VC-SETTINGS-TEXT..msgid "Check for updates when Cheat Engine starts"..msgstr ""......#: VC-INTERVAL..msgid "Interval(days):"..msgstr ""............
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with very long lines (332), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):453577
                                                                                                                                                                                                          Entropy (8bit):4.778949128243926
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:gZ44KYZGVK44SCYJs6xj6JnhYpMzqtBtnIgJ:o44Ki4FCYJHpMABtnr
                                                                                                                                                                                                          MD5:3260EDC88460A983A6796D746CFF2815
                                                                                                                                                                                                          SHA1:444DF138C1FF161D4CDE2FC134403F11D6294528
                                                                                                                                                                                                          SHA-256:C6414831A61EFB7872E4FA41C65646413A57EED6ECFCA307AFBF1D04FD5B5432
                                                                                                                                                                                                          SHA-512:28C4BD49669ED330FB9BE5D34016E7D557EA964F17E8B6B39700216A4698F3131AB6A42FC1C2065056CAF709A2A63FF630CDA3EC53F76C3768E62CB0D7E8D743
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:msgid ""..msgstr "Content-Type: text/plain; charset=UTF-8"....#: aboutunit.rsareyousureyouwanttolaunchdbvm..msgid "Are you sure you want to launch DBVM? You seem to be running in 32-bit, so don't really need it that badly (Except for ultimap and cloaked operations)"..msgstr ""....#: aboutunit.rsdidyoureallythinkyoudfindaneastereggbydoingthiswel..msgid "Did you really think you'd find an easter egg by doing this? Well, you know what? You where right!"..msgstr ""....#: aboutunit.rslaunchdbvmwasnotassigned..msgid "launchdbvm was not assigned"..msgstr ""....#: aboutunit.rsthismeansthatyourecurrentlynotrunningdbvm..msgid "This means that you're currently not running dbvm, but that your system is capable of running it"..msgstr ""....#: aboutunit.rsthismeansthatyoursystemisrunningdbvm..msgid "This means that your system is running dbvm. This means ce will make use of some advanced tools that are otherwise unavailable"..msgstr ""....#: aboutunit.rsthismeansthatyouwillneedanewcpuinteltobeableto
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1767
                                                                                                                                                                                                          Entropy (8bit):4.60229123925247
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:vWKOiRBBMn0KciKvm/QRQY0cCu9llVyZVkFNS5Ns:ZqsRWQb91/NS5Ns
                                                                                                                                                                                                          MD5:05E8F84A134363796895E8AB8089619A
                                                                                                                                                                                                          SHA1:D6925DDDE83B117D7310C4A257DD9EE444245612
                                                                                                                                                                                                          SHA-256:D8462C8704A83973632D5F38D36F7852BF78D8A81C43BBC2F5AC8FF3A4D8B658
                                                                                                                                                                                                          SHA-512:C63F273EDB9411AA15F6B0C94C5FDE7189A33DCBD50141BB85D3BD31A4A009B1E5F6CF93E10A4300A39F0431452C49070C37D5907965CE49CCB4CED4BFB70EBA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:create a language folder for your country (appropriate folder names are in the format of: en_US, nl_NL, ru_RU, etc...)..copy the .po files to the appropriate folder and then start editing ......Order of picking:.. if there is a cheatengine.po it will pick that, else cheatengine-x86_64.po and if that fails cheatengine-i386.po.. the 32-bit version can work perfectly fine with the 64-bit po.... Same for the tutorial......By default it picks the system language, but you can overide this by adding --LANG langstr or -l langstr to the parameters of Cheat Engine......editing po files...There are some po editing tools but you can also do it by hand..msgid contains the original string and msgstr contains the translated string...If msgstr is empty the original string will be shown....Certain strings are not present in the cheatengine.po file, but are present in lclstrconsts.po..The lclstrconsts.po file belongs to the LCL that the Cheat Engine GUI is build upon......Custom name for your transla
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3133
                                                                                                                                                                                                          Entropy (8bit):4.680373003343051
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:IhHlcWZkIteIVcqUcTNqcNPnVSYQr6sbYuwGW:Ircee/qUpcV5QOsEuwGW
                                                                                                                                                                                                          MD5:5D6D7A6A5ADC10BB638B085FA47A5A00
                                                                                                                                                                                                          SHA1:C4A2D207F3002767844F1B6130F2DDAF6F45A7F9
                                                                                                                                                                                                          SHA-256:37D28D4690BD14D15D9E2198610C7F7DED33DC7D118A1B8BDC2C32FFD0D92C74
                                                                                                                                                                                                          SHA-512:8DC87E314AFEE056F7D6D384F823F71DD5D3802CD0ADEEEAE5FF856D1E9068A8E981E1F588733C8948FB1B824285F7F093B6CB35DAC872327D645CA3912E2A5B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#: pseudocodediagram-file..msgid "File"..msgstr ""....#: pseudocodediagram-lff..msgid "Load from file"..msgstr ""....#: pseudocodediagram-stfywto..msgid "Select the file you wish to open"..msgstr ""....#: pseudocodediagram-dfcc..msgid "Diagram files (*.CEDIAG )|*.CEDIAG"..msgstr ""....#: pseudocodediagram-stf..msgid "Save to file"..msgstr ""....#: pseudocodediagram-fitfywtstda..msgid "Fill in the filename you wish to save this diagram as"..msgstr ""....#: pseudocodediagram-sdti..msgid "Save diagram to image"..msgstr ""....#: pseudocodediagram-fitfywtstdi..msgid "Fill in the filename you wish to save this diagram image"..msgstr ""....#: pseudocodediagram-pfpp..msgid "PNG files (*.PNG )|*.PNG"..msgstr ""....#: pseudocodediagram-close..msgid "Close"..msgstr ""....#: pseudocodediagram-display..msgid "Display"..msgstr ""....#: pseudocodediagram-spfu2oc..msgid "Show path from Ultimap1/2 or Codefilter"..msgstr ""....#: pseudocodediagram-spftw..msgid "Show path from tracer window"..msgstr ""..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):284
                                                                                                                                                                                                          Entropy (8bit):4.462768521135749
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:InTTzQ9vrJXm6D9AMXqnTzQ3Lz2oVX2aT5WnpXMZBhnpl:InT4O6D+Nn43PYaTVZ/
                                                                                                                                                                                                          MD5:684C9B4A3EE100B044C2BFB0EDD64919
                                                                                                                                                                                                          SHA1:9A8AC81C35F3EA58E97D3A083E3FECA83F01A0AA
                                                                                                                                                                                                          SHA-256:E4283FFAB471763663C189527C805C6985B92C252074727A41E304839C45AB91
                                                                                                                                                                                                          SHA-512:B15DCC949F588C612F3A92D0DEFED4CEA025C86ED4C27E8B3BDF52A218CDE913B89FF4079A419D068CA4EA2793534246A4D17EB25BA4A45D6F5A19639B300E37
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#: SS-OaPF..msgid "Open a process first"..msgstr ""....#: SS-CESF..msgid "Cheat Engine Scan files"..msgstr ""....#: SS-OaPFDaS..msgid "Open a process first and do a scan"..msgstr ""....#: SS-SSS..msgid "Save scan session"..msgstr ""....#: SS-LSS..msgid "Load scan session"..msgstr ""
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with very long lines (407), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):31373
                                                                                                                                                                                                          Entropy (8bit):4.738121487849168
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:msgid ""..msgstr "".."MIME-Version: 1.0\n".."Content-Type: text/plain; charset=UTF-8\n".."Content-Transfer-Encoding: 8bit\n"....#: lclstrconsts.hhshelpbrowsernotexecutable..msgid "Browser %s%s%s not executable."..msgstr ""....#: lclstrconsts.hhshelpbrowsernotfound..msgid "Browser %s%s%s not found."..msgstr ""....#: lclstrconsts.hhshelperrorwhileexecuting..msgid "Error while executing %s%s%s:%s%s"..msgstr ""....#: lclstrconsts.hhshelpnohtmlbrowserfound..msgid "Unable to find a HTML browser."..msgstr ""....#: lclstrconsts.hhshelpnohtmlbrowserfoundpleasedefineoneinhelpconfigurehe..msgid "No HTML Browser found.%sPlease define one in Environment -> Options -> Help -> Help Options"..msgstr ""....#: lclstrconsts.hhshelpthehelpdatabasewasunabletofindfile..msgid "The help database %s%s%s was unable to find file %s%s%s."..msgstr ""....#: lclstrconsts.hhshelpthemacrosinbrowserparamswillbereplacedbytheurl..msgid "The macro %s in BrowserParams will be replaced by the URL."..msgstr ""....#: lclstrco
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1044
                                                                                                                                                                                                          Entropy (8bit):4.607911901797074
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.#: patchscan-nave..msgid "Not a valid executable"..msgstr ""....#: patchscan-navwe..msgid "Not a valid windows executable"..msgstr ""....#: patchscan-ttomicns..msgid "This type of module is currently not supported"..msgstr ""....#: patchscan-ce..msgid "Compare error. "..msgstr ""....#: patchscan-ml..msgid "Module List"..msgstr ""....#: patchscan-stmtsfp..msgid "Select the modules to scan for patches. Hold shift/ctrl to select multiple modules"..msgstr ""....#: patchscan-ok..msgid " OK "..msgstr ""....#: patchscan-cancel..msgid "Cancel"..msgstr ""....#: patchscan-scanning..msgid "Scanning: %s"..msgstr ""....#: patchscan-ei..msgid "Error in "..msgstr ""....#: patchscan-pl..msgid "Patch list"..msgstr ""....#: patchscan-address..msgid "Address"..msgstr ""....#: patchscan-original..msgid "Original"..msgstr ""....#: patchscan-patched..msgid "Patched"..msgstr ""....#: patchscan-rwo..msgid "Restore with original"..msgstr ""....#: patchscan-rp..msgid "Reapply patch"..msgstr ""....#: patchs
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2438
                                                                                                                                                                                                          Entropy (8bit):4.816958401157341
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#: monoscript-FITM..msgid "Failure injecting the MonoDatacollector dll"..msgstr ""....#: monoscript-DYWTL..msgid "Do you wish to let the mono extention figure out the name and start address? If it's not a proper object this may crash the target."..msgstr ""....#: monoscript-IO..msgid "Instances of "..msgstr ""....#: monoscript-WTAJG..msgid "Warning: These are just guesses. Validate them yourself"..msgstr ""....#: monoscript-AN..msgid "address==nil"..msgstr ""....#: monoscript-Invoke..msgid "Invoke "..msgstr ""....#: monoscript-IA..msgid "Instance address"..msgstr ""....#: monoscript-PW..msgid "<Please wait...>"..msgstr ""....#: monoscript-Parameters..msgid "Parameters"..msgstr ""....#: monoscript-OK..msgid "OK"..msgstr ""....#: monoscript-Cancel..msgid "Cancel"..msgstr ""....#: monoscript-Parameter..msgid "parameter "..msgstr ""....#: monoscript-INAVA..msgid " is not a valid address"..msgstr ""....#: monoscript-INAVV..msgid "is not a valid value"..msgstr ""....#: monoscript-IFT..msgid
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):772
                                                                                                                                                                                                          Entropy (8bit):5.014428182186076
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#: VC-U2CVICNEL..msgid "Unable to check version (Invalid content, not enough lines)"..msgstr ""....#: VC-U2CVIC..msgid "Unable to check version (Invalid content)"..msgstr ""......#: VC-CFNV..msgid "Check for new version"..msgstr ""....#: VC-NCA..msgid "Cheat Engine %s is available at www.cheatengine.org. Go there now?"..msgstr ""......#: VC-UP2D..msgid "You are up to date. The latest version is %s"..msgstr ""....#: VC-WTF..msgid "Unable to check version (Can't connect)"..msgstr ""....#: VC-UPDATETO..msgid "Update to %s"..msgstr ""....#: VC-UPDATETO..msgid "In how many days should I notify you again?"..msgstr ""....#: VC-SETTINGS-TEXT..msgid "Check for updates when Cheat Engine starts"..msgstr ""......#: VC-INTERVAL..msgid "Interval(days):"..msgstr ""............
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):283
                                                                                                                                                                                                          Entropy (8bit):4.58883566118718
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:;If the --LANG parameter OR the LANG environment variable are not set and this inifile..;is present in this folder it will be used to pick the language...[Language]..;If preferedLanguage is kept empty CE will choose the language of your operating system instead..PreferedLanguage=*..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4485
                                                                                                                                                                                                          Entropy (8bit):4.847226854261297
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#: java-AAF..msgid "Auto assembler failed:"..msgstr ""....#: java-JEST..msgid "Java:eventserver terminated"..msgstr ""....#: java-JD..msgid "Java:Disconnected"..msgstr ""....#: java-JUER..msgid "Java:Unexpected event received"..msgstr ""....#: java-JEHT..msgid "Java:Event handler terminating"..msgstr ""....#: java-IJS..msgid "Invalid java signature"..msgstr ""....#: java-ARTANS..msgid "Array return types are not supported"..msgstr ""....#: java-PCDNM..msgid "Parameter count does not match"..msgstr ""....#: java-SWNS..msgid "Scantype was not set"..msgstr ""....#: java-Class..msgid "Class"..msgstr ""....#: java-Method..msgid "Method"..msgstr ""....#: java-Position..msgid "Position"..msgstr ""....#: java-MI..msgid "More info %s.%s(%d)"..msgstr ""....#: java-TDMATGV..msgid "The following methods accessed the given variable"..msgstr ""....#: java-results..msgid "results"..msgstr ""....#: java-OWWTJAILAS..msgid "java_find_what_writes only works when the jvmti agent is launched at start"..msg
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):283
                                                                                                                                                                                                          Entropy (8bit):4.58883566118718
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:;If the --LANG parameter OR the LANG environment variable are not set and this inifile..;is present in this folder it will be used to pick the language...[Language]..;If preferedLanguage is kept empty CE will choose the language of your operating system instead..PreferedLanguage=*..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with very long lines (407), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):31373
                                                                                                                                                                                                          Entropy (8bit):4.738121487849168
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:msgid ""..msgstr "".."MIME-Version: 1.0\n".."Content-Type: text/plain; charset=UTF-8\n".."Content-Transfer-Encoding: 8bit\n"....#: lclstrconsts.hhshelpbrowsernotexecutable..msgid "Browser %s%s%s not executable."..msgstr ""....#: lclstrconsts.hhshelpbrowsernotfound..msgid "Browser %s%s%s not found."..msgstr ""....#: lclstrconsts.hhshelperrorwhileexecuting..msgid "Error while executing %s%s%s:%s%s"..msgstr ""....#: lclstrconsts.hhshelpnohtmlbrowserfound..msgid "Unable to find a HTML browser."..msgstr ""....#: lclstrconsts.hhshelpnohtmlbrowserfoundpleasedefineoneinhelpconfigurehe..msgid "No HTML Browser found.%sPlease define one in Environment -> Options -> Help -> Help Options"..msgstr ""....#: lclstrconsts.hhshelpthehelpdatabasewasunabletofindfile..msgid "The help database %s%s%s was unable to find file %s%s%s."..msgstr ""....#: lclstrconsts.hhshelpthemacrosinbrowserparamswillbereplacedbytheurl..msgid "The macro %s in BrowserParams will be replaced by the URL."..msgstr ""....#: lclstrco
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2438
                                                                                                                                                                                                          Entropy (8bit):4.816958401157341
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:InNN5uwDdugIWruZxDNj9kospRbxaq2lSZeu2H7phQpo1TMAFpRvbubzb/PdQQiN:InJbxugIWSPNj9kospFxV2lSZeZH7/nR
                                                                                                                                                                                                          MD5:5194E6AAC00716CEB7498A8263ABDB03
                                                                                                                                                                                                          SHA1:D249CC96E60A36B0B9DA99D69903BD81D3F32C8F
                                                                                                                                                                                                          SHA-256:3842AF13D8462A02E6F3A8B3B5C3079EAF1081B030415287F67F10FB6F622109
                                                                                                                                                                                                          SHA-512:A7F89289E3A8827367E827A29224FEC0CC9D8699A082D592F372E13FB413BFD8B837A8313AD6530FA4BB6409E06A85BDBA890CE00B00DC7FF3FCF873F7F0EF4F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#: monoscript-FITM..msgid "Failure injecting the MonoDatacollector dll"..msgstr ""....#: monoscript-DYWTL..msgid "Do you wish to let the mono extention figure out the name and start address? If it's not a proper object this may crash the target."..msgstr ""....#: monoscript-IO..msgid "Instances of "..msgstr ""....#: monoscript-WTAJG..msgid "Warning: These are just guesses. Validate them yourself"..msgstr ""....#: monoscript-AN..msgid "address==nil"..msgstr ""....#: monoscript-Invoke..msgid "Invoke "..msgstr ""....#: monoscript-IA..msgid "Instance address"..msgstr ""....#: monoscript-PW..msgid "<Please wait...>"..msgstr ""....#: monoscript-Parameters..msgid "Parameters"..msgstr ""....#: monoscript-OK..msgid "OK"..msgstr ""....#: monoscript-Cancel..msgid "Cancel"..msgstr ""....#: monoscript-Parameter..msgid "parameter "..msgstr ""....#: monoscript-INAVA..msgid " is not a valid address"..msgstr ""....#: monoscript-INAVV..msgid "is not a valid value"..msgstr ""....#: monoscript-IFT..msgid
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1044
                                                                                                                                                                                                          Entropy (8bit):4.607911901797074
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:SyKwrQRrYuB24kEiVmSoUiEY0M6zrvLB/Nt:f224kfVLNNt
                                                                                                                                                                                                          MD5:9924B578270AB864E800BF38B2FA65BE
                                                                                                                                                                                                          SHA1:65174EA0E3FA382BBCF7DEEB2E5F5C74AA0E51F4
                                                                                                                                                                                                          SHA-256:16EC4573AE731BC32397874599F2E2FED68BAEE932F23DA6DDDDCE99917B8D70
                                                                                                                                                                                                          SHA-512:C27B43A3944BF9A9B6A6E88FEAF0BA40C84364580015420075EF89131A23586B7FF2908A2992CA0FFC7BC928ABA12A0B111260A592A479DDF97B46375D772714
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.#: patchscan-nave..msgid "Not a valid executable"..msgstr ""....#: patchscan-navwe..msgid "Not a valid windows executable"..msgstr ""....#: patchscan-ttomicns..msgid "This type of module is currently not supported"..msgstr ""....#: patchscan-ce..msgid "Compare error. "..msgstr ""....#: patchscan-ml..msgid "Module List"..msgstr ""....#: patchscan-stmtsfp..msgid "Select the modules to scan for patches. Hold shift/ctrl to select multiple modules"..msgstr ""....#: patchscan-ok..msgid " OK "..msgstr ""....#: patchscan-cancel..msgid "Cancel"..msgstr ""....#: patchscan-scanning..msgid "Scanning: %s"..msgstr ""....#: patchscan-ei..msgid "Error in "..msgstr ""....#: patchscan-pl..msgid "Patch list"..msgstr ""....#: patchscan-address..msgid "Address"..msgstr ""....#: patchscan-original..msgid "Original"..msgstr ""....#: patchscan-patched..msgid "Patched"..msgstr ""....#: patchscan-rwo..msgid "Restore with original"..msgstr ""....#: patchscan-rp..msgid "Reapply patch"..msgstr ""....#: patchs
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:GNU gettext message catalogue, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3133
                                                                                                                                                                                                          Entropy (8bit):4.680373003343051
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:IhHlcWZkIteIVcqUcTNqcNPnVSYQr6sbYuwGW:Ircee/qUpcV5QOsEuwGW
                                                                                                                                                                                                          MD5:5D6D7A6A5ADC10BB638B085FA47A5A00
                                                                                                                                                                                                          SHA1:C4A2D207F3002767844F1B6130F2DDAF6F45A7F9
                                                                                                                                                                                                          SHA-256:37D28D4690BD14D15D9E2198610C7F7DED33DC7D118A1B8BDC2C32FFD0D92C74
                                                                                                                                                                                                          SHA-512:8DC87E314AFEE056F7D6D384F823F71DD5D3802CD0ADEEEAE5FF856D1E9068A8E981E1F588733C8948FB1B824285F7F093B6CB35DAC872327D645CA3912E2A5B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:#: pseudocodediagram-file..msgid "File"..msgstr ""....#: pseudocodediagram-lff..msgid "Load from file"..msgstr ""....#: pseudocodediagram-stfywto..msgid "Select the file you wish to open"..msgstr ""....#: pseudocodediagram-dfcc..msgid "Diagram files (*.CEDIAG )|*.CEDIAG"..msgstr ""....#: pseudocodediagram-stf..msgid "Save to file"..msgstr ""....#: pseudocodediagram-fitfywtstda..msgid "Fill in the filename you wish to save this diagram as"..msgstr ""....#: pseudocodediagram-sdti..msgid "Save diagram to image"..msgstr ""....#: pseudocodediagram-fitfywtstdi..msgid "Fill in the filename you wish to save this diagram image"..msgstr ""....#: pseudocodediagram-pfpp..msgid "PNG files (*.PNG )|*.PNG"..msgstr ""....#: pseudocodediagram-close..msgid "Close"..msgstr ""....#: pseudocodediagram-display..msgid "Display"..msgstr ""....#: pseudocodediagram-spfu2oc..msgid "Show path from Ultimap1/2 or Codefilter"..msgstr ""....#: pseudocodediagram-spftw..msgid "Show path from tracer window"..msgstr ""..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):161688
                                                                                                                                                                                                          Entropy (8bit):6.832669552984183
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:K3uc99F6AOdjfTOZztxlGWGXLQbcpNk6FowD6QcEY7Xjl5hf8keDQa/c7usWjcd6:K3ukXTNGp7+6zaEY7Zf/a0ye3ZoOvKOS
                                                                                                                                                                                                          MD5:DF443813546ABCEF7F33DD9FC0C6070A
                                                                                                                                                                                                          SHA1:635D2D453D48382824E44DD1E59D5C54D735EE2C
                                                                                                                                                                                                          SHA-256:D14911C838620251F7F64C190B04BB8F4E762318CC763D993C9179376228D8CA
                                                                                                                                                                                                          SHA-512:9F9BEA9112D9DB9BCECFC8E4800B7E8032EFB240CBBDDAF26C133B4CE12D27B47DC4E90BC339C561714BC972F6E809B2EC9C9E1FACC6C223FBAC66B089A14C25
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):187288
                                                                                                                                                                                                          Entropy (8bit):6.46399109534477
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:XMTS4QqrM7BqUHEwXDVT6B8AF6aBBcFkLODeYJObCkEjOUkOG:XIQqrc7V5Trw6aBBcFk6CtbID4
                                                                                                                                                                                                          MD5:4A3B7C52EF32D936E3167EFC1E920AE6
                                                                                                                                                                                                          SHA1:D5D8DAA7A272547419132DDB6E666F7559DBAC04
                                                                                                                                                                                                          SHA-256:26EDE848DBA071EB76C0C0EF8E9D8AD1C53DFAB47CA9137ABC9D683032F06EBB
                                                                                                                                                                                                          SHA-512:36D7F8A0A749DE049A830CC8C8F0D3962D8DCE57B445F5F3C771A86DD11AAA10DA5F36F95E55D3DC90900E4DBDDD0DCC21052C53AA11F939DB691362C42E5312
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1491
                                                                                                                                                                                                          Entropy (8bit):5.150461183336365
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:c3UnepmoqbOOrYFlrJYrYFIzLQ9Zonc432smXOkuEWRO632s3yOtTf1p13to+Zqh:xOOrYj2rYCzeqnc432sem32s3xtD13tQ
                                                                                                                                                                                                          MD5:1EE5923E90E9DB03EF80F6DA5C14FB7B
                                                                                                                                                                                                          SHA1:BCB456DB885C932605F4DCFFABBF771BC7CB5C41
                                                                                                                                                                                                          SHA-256:1A971954CD09C202E73E625329EE4DDF7291C7C0E155A1086DA7FAAC1957C94B
                                                                                                                                                                                                          SHA-512:8A008D4FAEE52F76A6C9024DE88963261730FA12EB54B0BE5FB80F8CC02CF7FEC0EFC126A209A646BE17D91B78FFC2E54BAAB7E346474BCFFFD92D3C942E959F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Copyright 2018 Alex Ionescu. All rights reserved.....Redistribution and use in source and binary forms, with or without modification, are permitted provided..that the following conditions are met:..1. Redistributions of source code must retain the above copyright notice, this list of conditions and.. the following disclaimer...2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions.. and the following disclaimer in the documentation and/or other materials provided with the.. distribution.....THIS SOFTWARE IS PROVIDED BY ALEX IONESCU ``AS IS'' AND ANY EXPRESS OR IMPLIED..WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND..FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ALEX IONESCU..OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR..CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS..OR SERVICES; LOSS OF USE,
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):308120
                                                                                                                                                                                                          Entropy (8bit):6.921402988579037
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:3QMsoykzuYV4SPaa/Gr+RBmRQ5wipE04CIcFw6eAwE5Sm1Q5jsV+XkO4qOT:3NJyTuxkC57IZEzGmT
                                                                                                                                                                                                          MD5:462322CC93E55016D5EA78B2B9823657
                                                                                                                                                                                                          SHA1:3E8E00B690A4370D6F2DFDCF730F2D3FDA4806A6
                                                                                                                                                                                                          SHA-256:AEDC048FCFEC594E7307E4730D850E5E0121820A76CA1A363F4A2E41D084F393
                                                                                                                                                                                                          SHA-512:A46E56130A8D1CA588D9935D98468543328B42492F1257157D2C7FD99AC341E8A22337AC2228AECF33A70913A7E7161B300BB458E1C07D5D0B94A7AA1DD72D79
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):339864
                                                                                                                                                                                                          Entropy (8bit):6.56829741282491
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:ZnVdQfxRaiC76I/wZGteu+WJrXeN6joNtMrvMl9u61s1JGTBHpMqdmgIIE5pY2B:jdsxs6I6k9MUoNt2vSs8KqdmgIIE/b
                                                                                                                                                                                                          MD5:A358DAE60F1C0F6A633F98B1E4D3E850
                                                                                                                                                                                                          SHA1:2016F1FB0F8000E515602498432951B7C5BC5ACA
                                                                                                                                                                                                          SHA-256:25C648CFDB4CDBBB13630ADC7C14F2BB556C98F5CD1DCBECAFFA91629D2D4A4C
                                                                                                                                                                                                          SHA-512:879B5E95CF7F06E105930724BBC6967B367417DCE390A15DE48BF5CE76CE2435EA4A59095AB67EEE5A05FA41126DDB984C2154ABA34B33FAC895A1CCC2D2A617
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):464280
                                                                                                                                                                                                          Entropy (8bit):6.881353710429075
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:dBj8paX8fQ/T/md4OASZAOLRwRai6wXGn+hfy:dxLrLmd4OA4L8DXGnmy
                                                                                                                                                                                                          MD5:AD3F33BAC8EADAB224ADAF4CF6D5B97A
                                                                                                                                                                                                          SHA1:6CCFB97236C5AD3B48A3EB7A113E3E297422E808
                                                                                                                                                                                                          SHA-256:58B206AB9A3D84FDAFB537B419F721ECDEADE489707DBAB227B043D5343DB369
                                                                                                                                                                                                          SHA-512:C319A1C3D0D90AFEFD27DC0379C79E38993490FFA14CB281F419BC94FDE5776CD7EAB54351C57F6EAEEBCACF7F965FA0B8A8DD67489E799FCD84D39393C62A3E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):541592
                                                                                                                                                                                                          Entropy (8bit):6.56379573889746
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:FshVOadaiL9mUHQMpgL8LgpqClZNKX6SumisBEb/NUidzSky3uDMK/LXTMBQqN5T:hOL9J2L8E5VKKSuLGEhXGstCXoYkc7BV
                                                                                                                                                                                                          MD5:B7C9F1E7E640F1A034BE84AF86970D45
                                                                                                                                                                                                          SHA1:F795DC3D781B9578A96C92658B9F95806FC9BDDE
                                                                                                                                                                                                          SHA-256:6D0A06B90213F082CB98950890518C0F08B9FC16DBFAB34D400267CB6CDADEFF
                                                                                                                                                                                                          SHA-512:DA63992B68F1112C0D6B33E6004F38E85B3C3E251E0D5457CD63804A49C5AA05AA23249E0614DACAD4FEC28CA6EFDB5DDEE06DA5BFBFA07E21942976201079F3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):202648
                                                                                                                                                                                                          Entropy (8bit):6.566120700945174
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:fr03mcDwt5b2+z615yQ7SLVTnyJYpgerOEmgsRBZnwO4oO8:fg3mrHb2+z615yQ7GnyOpFOEFKD2G
                                                                                                                                                                                                          MD5:9F50134C8BE9AF59F371F607A6DAA0B6
                                                                                                                                                                                                          SHA1:6584B98172CBC4916A7E5CA8D5788493F85F24A7
                                                                                                                                                                                                          SHA-256:DD07117ED80546F23D37F8023E992DE560A1F55A76D1EB6DFD9D55BAA5E3DAD6
                                                                                                                                                                                                          SHA-512:5CCAFA2B0E2D20034168EE9A79E8EFFF64F12F5247F6772815EF4CB9EE56F245A06B088247222C5A3789AE2DCEFADBC2C15DF4FF5196028857F92B9992B094E0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):266648
                                                                                                                                                                                                          Entropy (8bit):6.017604835530295
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:KK2iOI60nWU4NJ4twEywGLOJQbcOL9z32fY8iV1OQfkz5w4Q7hk1D2oOyPOP:KKu0WU4J0w6xJkBAY8i7fkaThkA4g
                                                                                                                                                                                                          MD5:DD71848B5BBD150E22E84238CF985AF0
                                                                                                                                                                                                          SHA1:35C7AA128D47710CFDB15BB6809A20DBD0F916D8
                                                                                                                                                                                                          SHA-256:253D18D0D835F482E6ABBAF716855580EB8FE789292C937301E4D60EAD29531D
                                                                                                                                                                                                          SHA-512:0CBF35C9D7B09FB57D8A9079EAB726A3891393F12AEE8B43E01D1D979509E755B74C0FB677F8F2DFAB6B2E34A141F65D0CFBFE57BDA0BF7482841AD31ACE7790
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):201
                                                                                                                                                                                                          Entropy (8bit):4.465403493165412
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:JW4+sNv/lQBAHpbs/UcUFJKPACcAE8J6Xv:JB+slzs/tUrKcbXv
                                                                                                                                                                                                          MD5:62771A63FDC87764BFF87D82918AB02A
                                                                                                                                                                                                          SHA1:8E468DED8CED87A10470BD5594337A854FF344BA
                                                                                                                                                                                                          SHA-256:5C16124BA0B39214BECB1AF4161BD82147AD8468879A3FD8E9FACC656A1D2E6F
                                                                                                                                                                                                          SHA-512:8D1792B712504336CAC0B175146F2B7EAEDA043BD3941C7B7C54CF926A4BA4835F0EFF7A2AD5C7B5509F80E7420C3F5F94200D4C3F922DB92B807E20E09A84D0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:--This lua script gets loaded when Cheat Engine loads..--You can use this to define some often used functions and libraries you'd like to use....require("defines")....--for documentation read celua.txt
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2086
                                                                                                                                                                                                          Entropy (8bit):4.748005607182281
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:HZooJUJAimKakohOgM4TDB6liofD0x6g8W:HioemKakaOgM4J6l5C6g8W
                                                                                                                                                                                                          MD5:650C02FC9F949D14D62E32DD7A894F5E
                                                                                                                                                                                                          SHA1:FA5399B01AADD9F1A4A5632F8632711C186EC0DE
                                                                                                                                                                                                          SHA-256:C4D23DB8EFFB359B4AA4D1E1E480486FE3A4586CE8243397A94250627BA4F8CC
                                                                                                                                                                                                          SHA-512:F2CAAF604C271283FC7AF3AA9674B9D647C4AC53DFFCA031DBF1220D3ED2E867943F5409A95F41C61D716879BED7C888735F43A068F1CC1452B4196D611CB76D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview://credits: ms d3d tutorials which I hacked apart....Texture2D txDiffuse : register( t0 );..SamplerState samLinear : register( s0 );....cbuffer ConstantBuffer : register( b0 )..{....float4x4 rotation;.. float2 originpoint;...float2 translation;...float2 scaling;...float transparency;....float garbage;...}..........//--------------------------------------------------------------------------------------..struct VS_INPUT..{.. float4 Pos : POSITION;.. float2 Tex : TEXCOORD0;..};....struct PS_INPUT..{.. float4 Pos : SV_POSITION;.. float2 Tex : TEXCOORD0;..};......//--------------------------------------------------------------------------------------..// Vertex Shader..//--------------------------------------------------------------------------------------..PS_INPUT VS( VS_INPUT input )..{.... PS_INPUT r=input;.. float4 rp;........ r.Pos[0]-=originpoint[0];.. r.Pos[1]+=originpoint[1];.. r.Pos=mul(r.Pos, rotation);.... r.Pos[0]+=originpoint[0];.. r.Pos[
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1513
                                                                                                                                                                                                          Entropy (8bit):5.570853751982549
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:pPEkvanEc5GgSyTA8VffAa6iAoPARiA2PAo6kA68IAvkAU8TlzbBW:pP0EmdSy8ZLlHRl19DPXvDxts
                                                                                                                                                                                                          MD5:8E1EECB2D6B4F579A7FE4B11361E1D96
                                                                                                                                                                                                          SHA1:647911F537437A80F06C1324AC9AF5843BFCFA01
                                                                                                                                                                                                          SHA-256:37DAA1B4FB9966A0EED6DAEBB98FAE863C92F433D97CEA90DD95107FA7F14A1A
                                                                                                                                                                                                          SHA-512:1BE14802B7B2C13DCAEDBFB8814C7DF011A48C27D83C249EE5C074ACD0AF2070595D8809EC1EF92A6DE1FF4BFA55B3D393A9E5390C04EEF72FD1F1952DA2CCAE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:...Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio 15..VisualStudioVersion = 15.0.28307.489..MinimumVisualStudioVersion = 10.0.40219.1..Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "CEPluginLibrary", "CEPluginLibrary\CEPluginLibrary.csproj", "{99772D98-3865-4E8D-BB02-A855950904F8}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Any CPU = Debug|Any CPU....Debug|x64 = Debug|x64....Release|Any CPU = Release|Any CPU....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|Any CPU.Build.0 = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|x64.ActiveCfg = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|x64.Build.0 = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Release|Any CPU.ActiveCfg = Releas
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2926
                                                                                                                                                                                                          Entropy (8bit):5.296204236636278
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:3rYSjNJpu5z2fBZi43iqcscr14H1xmH/14H1BA6B6Kv6tH6T626HZ6sM6l6a6A3E:7YWnpu5CZi4ncsZxm4GE5vsHSBCHMOVo
                                                                                                                                                                                                          MD5:BD4AB4CC0D5BED5FBC5228F4035A191D
                                                                                                                                                                                                          SHA1:AE2B589B7342B9C2D30BDBE3575509F6C3DB5D47
                                                                                                                                                                                                          SHA-256:65121FFC91A1EEF66A3281ACFF99C3014DB81FF143A47B02ED6953710CFCAFD5
                                                                                                                                                                                                          SHA-512:81C9CCC18BB5BD0A0F714CB625E1EF0FB62EE20106A3386D812E343D322B7BCE435D5C61D575AE68DA26504B39131D5FBCF405524ADD8233A0D0E4E4405811AF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />.. <PropertyGroup>.. <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>.. <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>.. <ProjectGuid>{99772D98-3865-4E8D-BB02-A855950904F8}</ProjectGuid>.. <OutputType>Library</OutputType>.. <AppDesignerFolder>Properties</AppDesignerFolder>.. <RootNamespace>CEPluginLibrary</RootNamespace>.. <AssemblyName>CEPluginExample</AssemblyName>.. <TargetFrameworkVersion>v4.6.1</TargetFrameworkVersion>.. <FileAlignment>512</FileAlignment>.. <Deterministic>true</Deterministic>.. </PropertyGroup>.. <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4778
                                                                                                                                                                                                          Entropy (8bit):4.4952095990499785
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:Jo4h2nXV0VgqojlWXS+vx+FvDVfv6nEbvFUG7Fnm4Auzsq8tdlvuO4BVNT:9UF4ajlWXS+vx+FvDVfv6WdUGBnm4Au9
                                                                                                                                                                                                          MD5:B45C3E2829EED1BEB58ED85D8E27362B
                                                                                                                                                                                                          SHA1:9AFF1824269B8829B4903AC0DC53E7B314CAD5D0
                                                                                                                                                                                                          SHA-256:B16C0C45DCD137B01C6BB2ED3BBB7DECB406FDEC3D4AEBBF1F6EEB44E9039397
                                                                                                                                                                                                          SHA-512:771506912072FE9EB3500C9CCC9D02236B1DB579E02ECE9ABE538548B5F2FC0AD312EDF576DFCDE97F64E573D7B70B6CD73452BA426AAB1E8F31A9431942CC89
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.using System;..using System.Collections.Generic;..using System.Linq;..using System.Text;..using System.Threading;..using System.Threading.Tasks;..using System.Windows.Forms;..using CESDK;....namespace CEPluginLibrary..{.. class PluginExample : CESDKPluginClass.. {.. public override string GetPluginName().. {.. return "C# Plugin Template for Cheat Engine 7.1+";.. }.... public override bool DisablePlugin() //called when disabled.. {.. .. return true;.. }.. .. public override bool EnablePlugin() //called when enabled.. {.. //you can use sdk here.. //sdk.lua.dostring("print('I am alive')");.. .... sdk.lua.Register("pluginexample1", MyFunction);.. sdk.lua.Register("pluginexample2", MyFunction2);.. sdk.lua.Register("pluginexample3", MyFunction3);.. sdk.lua.Register("pluginexample4", MyFunction4);.. sdk
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9887
                                                                                                                                                                                                          Entropy (8bit):4.5923744109984925
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:Jwa+UHCXRQbXVkmGqYnowGCo0Q3fHRlsc5guLWoeU80bklzg8:Jw1UHqRQbXAoLCtQPHbsc5guLWD0bmh
                                                                                                                                                                                                          MD5:48A54615FB62B5964D621D88ABFF8C98
                                                                                                                                                                                                          SHA1:8131BA02B49DF23D592EF8FD24B1C9BED5BA0B94
                                                                                                                                                                                                          SHA-256:8E4B2FFFDA394E6F9376A930C3B0F1BAEFAF69CE68FA17C0A80A5B49D22633D0
                                                                                                                                                                                                          SHA-512:A433DD6D692263B3C190F1B1113962BEDCF68C0C947B1CD4C7BFD32755A397B9DBA02E3E668F7B548CB21C869E8D2183FDDCC2519D9D15082AA2C664CB0DF902
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.namespace CEPluginLibrary..{.. partial class PluginExampleForm.. {.. /// <summary>.. /// Required designer variable... /// </summary>.. private System.ComponentModel.IContainer components = null;.... /// <summary>.. /// Clean up any resources being used... /// </summary>.. /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>.. protected override void Dispose(bool disposing).. {.. if (disposing && (components != null)).. {.. components.Dispose();.. }.. base.Dispose(disposing);.. }.... #region Windows Form Designer generated code.... /// <summary>.. /// Required method for Designer support - do not modify.. /// the contents of this method with the code editor... /// </summary>.. private void InitializeComponent().. {.. this.button1 = new Sy
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5253
                                                                                                                                                                                                          Entropy (8bit):4.220186376885213
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:Jo4h4Dcz02nXVgqQUmzIxT1Y7wx7F74GwPgVK5z536uChJYqt+9UYNY:9KGpFDy7C7FwPgVcqu1NY
                                                                                                                                                                                                          MD5:D6A1CE4FE7D7E9321C47B5BA48BB0675
                                                                                                                                                                                                          SHA1:D2F7178B9607765FDBFC869EF2F3F25405E9D2E4
                                                                                                                                                                                                          SHA-256:F47E49AB8E84189B6C1DD2B4A018C43992B34B5E2C025B09CCE8BE9D60C58B6B
                                                                                                                                                                                                          SHA-512:9F4428E86FDF025D94BA897CC68B91056FF28A4BD2ED12DE2B9FEDE00D4396F3F53D05E4115D8CFD8F50B83891A7994001ED359E3A01C53C8578CD89DE5CC338
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.using System;..using System.Collections.Generic;..using System.ComponentModel;..using System.Data;..using System.Drawing;..using System.Linq;..using System.Text;..using System.Threading.Tasks;..using System.Windows.Forms;..using CESDK;....namespace CEPluginLibrary..{.. public partial class PluginExampleForm : Form.. {.. MemScan ms;.. FoundList fl;.... public PluginExampleForm().. {.. InitializeComponent();.. }.... private void button1_Click(object sender, EventArgs e).. { .. MessageBox.Show("WEEEEEEE");.. GC.Collect();.. }.... .... private void MemScanDone(object sender).. {.. //called from CE's main UI thread. Problematic if the form was created using a new thread.. if (this.InvokeRequired).. { .. this.BeginInvoke(((MemScan)sender).OnScanDone,sender);.. }.. else..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5817
                                                                                                                                                                                                          Entropy (8bit):4.7214047966009245
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT2+0qSdvabvDBwbjBu3FqvuFZ:KjrbLPD9sLvIzSvKgIqUyahFZ
                                                                                                                                                                                                          MD5:4EB5913A0E5AA842250F7419538FA230
                                                                                                                                                                                                          SHA1:31FB76E5D9BABE97A11FEA041081F96CE426107A
                                                                                                                                                                                                          SHA-256:4363CD7D5B8671C72442CE1A1BFC10D64EBD24B2D718B54BD4FCD025E4967298
                                                                                                                                                                                                          SHA-512:846207F9DB4C05D2070482C27AF72C50B8F423AC1C7EFB5266B059F6A41362704E9F5A590E428F4AEFD791EDD2E21C1B34473361911CBEEA2CFCAF741B5BEBFF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.<?xml version="1.0" encoding="utf-8"?>..<root>.. .. Microsoft ResX Schema .. .. Version 2.0.. .. The primary goals of this format is to allow a simple XML format .. that is mostly human readable. The generation and parsing of the .. various data types are done through the TypeConverter classes .. associated with the data types... .. Example:.. .. ... ado.net/XML headers & schema ..... <resheader name="resmimetype">text/microsoft-resx</resheader>.. <resheader name="version">2.0</resheader>.. <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>.. <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>.. <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>.. <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>.. <data name="Bitmap1" mimetype="application/x-microsoft
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1437
                                                                                                                                                                                                          Entropy (8bit):5.076090513105922
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:JINebtJwLK0YRr/h+K+BPG/+W+t7kn5e3rmXeYhQ7MJnYUc:Jwebt+LKJRr/hp+PG/j+hk5eCuYh/5YF
                                                                                                                                                                                                          MD5:62142985D98CA0708215AACD89AEB34D
                                                                                                                                                                                                          SHA1:98382B9A288905D9A38B013122A22A6118990FD7
                                                                                                                                                                                                          SHA-256:B308630E16DAAE770982D45A64A9AC63136921A1F174CBC0A645E36142DB2128
                                                                                                                                                                                                          SHA-512:BAEC8A5EDBD21140A8424721D7E16F16FDDB61D9E4EC026A5C10C22B52FA389F98A1756928FA0967959CB4B1EBC22ACF48A11F5C308E256BCF74037F637E817E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.using System.Reflection;..using System.Runtime.CompilerServices;..using System.Runtime.InteropServices;....// General Information about an assembly is controlled through the following..// set of attributes. Change these attribute values to modify the information..// associated with an assembly...[assembly: AssemblyTitle("CEPluginLibrary")]..[assembly: AssemblyDescription("")]..[assembly: AssemblyConfiguration("")]..[assembly: AssemblyCompany("")]..[assembly: AssemblyProduct("CEPluginLibrary")]..[assembly: AssemblyCopyright("Copyright . 2020")]..[assembly: AssemblyTrademark("")]..[assembly: AssemblyCulture("")]....// Setting ComVisible to false makes the types in this assembly not visible..// to COM components. If you need to access a type in this assembly from..// COM, set the ComVisible attribute to true on that type...[assembly: ComVisible(false)]....// The following GUID is for the ID of the typelib if this project is exposed to COM..[assembly: Guid("99772d98-3865-4e8d-bb02-a8
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):982
                                                                                                                                                                                                          Entropy (8bit):4.435515760549183
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:Jo4KM2nkqVp3gqI6BkUSx2n1TY6yhdRcAv1iY:Jo4h2nXVGqI6GU5dyFxiY
                                                                                                                                                                                                          MD5:5D0DEB0B6B7C873B5F56BCEDA264B77F
                                                                                                                                                                                                          SHA1:49EE6163658B643F4368471239A0E0D196DD714D
                                                                                                                                                                                                          SHA-256:AD5E1FC96B40B64A65C5901006BD4823FF71B5D846856DB89115D667D112ED6A
                                                                                                                                                                                                          SHA-512:F5322FE291655663EB3D2817AD17C3CFF4ABF6A9D2F9B85B93060DB782BA63E82B7A1B5969849B9CEF25552F5F0E35EFE1572C0A48AB4869F54B304524C1565A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.using System;..using System.Collections.Generic;..using System.Linq;..using System.Text;..using System.Threading.Tasks;....namespace CESDK..{.. /// <summary>.. /// Base class for implementing objects inherited from TObject (just a destructor in this case).. /// </summary>.. class CEObjectWrapper.. { .. protected CESDKLua lua = CESDK.currentPlugin.sdk.lua;.. protected IntPtr CEObject;.. public IntPtr obj { get { return CEObject; } }........ ~CEObjectWrapper().. {.. if (CEObject != IntPtr.Zero).. {.. lua.PushCEObject(CEObject);.. lua.PushString("destroy");.. lua.GetTable(-2);.... if (lua.IsFunction(-1)).. {.. lua.PCall(0, 0);.. }.. else.. throw new System.ApplicationException("Object without a destroy method");.. }.. }.. }..}..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6763
                                                                                                                                                                                                          Entropy (8bit):4.595472479915153
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:9UbHGZa1JsDzbH6eHpRHQHOHLOGNQfzN8fWsZEPjR2uTDKIuj1JK+Kz:9ksD7wurO9zjsu1rTuS
                                                                                                                                                                                                          MD5:AB17C7A5C7A57BA82912E2D05D1CE525
                                                                                                                                                                                                          SHA1:A32917633EB47144520E2DCA14E15F5F46643A4E
                                                                                                                                                                                                          SHA-256:545F6394AAE6C7DE8DF94DB797BBE09EB87AAAED2A5A22410BD42618F7F61999
                                                                                                                                                                                                          SHA-512:8B0F2C787BB79F6A40628AF3AB9D16A08A15128EE4D79E4F9DFBEA663200C00C5391C6CF965DE502F79E5927283FC42E700B9AA3664A78DB4404046AB9D81251
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.using System;..using System.Collections.Generic;..using System.Linq;..using System.Runtime.InteropServices;..using System.Text;..using System.Threading.Tasks;..using System.Reflection;......//CE SDK wrapper. You usually don't need to be here, so close your eyes and walk away....namespace CESDK..{.. .. public abstract class CESDKPluginClass.. {.. public CESDK sdk;.. public abstract String GetPluginName();.. public abstract Boolean EnablePlugin();.. public abstract Boolean DisablePlugin();.. }.... [StructLayout(LayoutKind.Sequential)].. public struct TExportedFunctions.. {.. public int sizeofExportedFunctions;.. public IntPtr GetLuaState;.. public IntPtr LuaRegister;.. public IntPtr LuaPushClassInstance;.. public IntPtr ProcessMessages;.. public IntPtr CheckSynchronize;.. }.... public class CESDK.. {.. public static CESDKPluginClass currentPlugin;.. public CESDKLua lua;..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):23899
                                                                                                                                                                                                          Entropy (8bit):4.746150555809051
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:48k5CqoQyEIC9hgEcxmae6QtCJBn/wbvQN3cPcsq4FxNUjrbqXEozS/q/hQXb6mV:WUq5QXey
                                                                                                                                                                                                          MD5:2B831125B3F0573EC8B12FDB91DA2FD3
                                                                                                                                                                                                          SHA1:E6AEDE01D2EA3D05D825A8D04D0DD9E3831EEA84
                                                                                                                                                                                                          SHA-256:7E625FFA7E5F39351AA558021886075A251A24C111AE3C67AB75A2487EEF6689
                                                                                                                                                                                                          SHA-512:E811D11FB8C2F24AE9A6893989702E9ECF674C977704D29733FCA44491FF793CB3E8A4DD99D699145AAE92EFAB0F64CC63615EA3108953024516CB95EB927D35
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.//Copyright Cheat Engine 2020..using System;..using System.Collections.Generic;..using System.Linq;..using System.Text;..using System.Threading.Tasks;..using System.Runtime.InteropServices;....namespace CESDK..{.. public class CESDKLua.. {.. private const int LUA_TNONE = -1;.. private const int LUA_TNIL = 0;.. private const int LUA_TBOOLEAN = 1;.. private const int LUA_TLIGHTUSERDATA = 2;.. private const int LUA_TNUMBER = 3;.. private const int LUA_TSTRING = 4;.. private const int LUA_TTABLE = 5;.. private const int LUA_TFUNCTION = 6;.. private const int LUA_TUSERDATA = 7;.. private const int LUA_TTHREAD = 8; .... [DllImport("kernel32", SetLastError = true, CharSet = CharSet.Ansi)].. static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.LPStr)]string lpFileName);.... [DllImport("kernel32.dll", SetLastError = true, Cha
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3404
                                                                                                                                                                                                          Entropy (8bit):3.9340216921200066
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:Jo4h2nXVG6n6cbwhwGICIIAIwhICIIA9jx5J:9UFL6PIfIz
                                                                                                                                                                                                          MD5:1DD2F4D1FACD43BB2CA69C75FEA92A5B
                                                                                                                                                                                                          SHA1:E9B62F784A2BB86A26A31D6F82679DFC483FFB58
                                                                                                                                                                                                          SHA-256:6B412B63F5B15B7B247A191D4D76F4B9F4F3F135DA44E46A31CE1C801DDBDA4C
                                                                                                                                                                                                          SHA-512:A09A38C925F5CB3043CCFF4C4A07715DFEA6666B116DA6120F21FF53C2A201A841C936639E3A9A58ABE4E320FE12155936E9890F5DB7CBD1128D93110AECB26B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.using System;..using System.Collections.Generic;..using System.Linq;..using System.Text;..using System.Threading.Tasks;....namespace CESDK..{.. //Not much of an SDK but more an example of how to wrap the exposed classes by CE into C# classes. Learn from this and implement the other features you like...... class FoundList :CEObjectWrapper.. {.. public int Count { get { return GetCount(); } }.... int GetCount().. {.. try.. {.. lua.PushCEObject(CEObject);.. lua.PushString("Count");.. lua.GetTable(-2);.... return (int)lua.ToInteger(-1);.. }.. finally.. {.. lua.SetTop(0);.. } .. }.... public string GetAddress(int i).. {.. .. try.. {.. lua.PushCEObject(CEObject);.. lua.PushString("Address");.. lua.GetTable(-2
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8480
                                                                                                                                                                                                          Entropy (8bit):4.327578339834133
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:Jo4h2nXVG6ncxU750WM5Eo7F1MF1F8S+sY7wxhJ0wxLnwgcLiBsl6qRRt0txt5qX:9UFLcxU90WCnx7eLOLkiL1L327mDl
                                                                                                                                                                                                          MD5:8570870BDF281AA6FE801B53CB4647DE
                                                                                                                                                                                                          SHA1:0A6F0EAE1BAD8AE9BA42CA49CE963C1EC6758522
                                                                                                                                                                                                          SHA-256:2B3F24397889FEF6B449D252A8929C57C6765C73D93A717902F6F5E63DFBDDC2
                                                                                                                                                                                                          SHA-512:86E436029AF6968289B54204A8F008ABD50ACECC889C1A6773BF2C3073196F366203A2D506BEC85AF3CC580CD71C3806708AD745DD65D18A2AE0D02AA4F5F1E1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.using System;..using System.Collections.Generic;..using System.Linq;..using System.Text;..using System.Threading.Tasks;....namespace CESDK..{.. //Not much of an SDK but more an example of how to wrap the exposed classes by CE into C# classes. Learn from this and implement the other features you like.... public enum ScanOptions.. {.. soUnknownValue = 0,.. soExactValue = 1,.. soValueBetween = 2,.. soBiggerThan = 3,.. soSmallerThan = 4,.. soIncreasedValue = 5,.. soIncreasedValueBy = 6,.. soDecreasedValue = 7,.. soDecreasedValueBy = 8,.. soChanged = 9,.. soUnchanged = 10.. }.... public enum VarTypes.. {.. vtByte = 0,.. vtWord = 1,.. vtDword = 2,.. vtQword = 3,.. vtSingle = 4,.. vtDouble = 5,.. vtString = 6,.. vtUnicodeString = 7, //--Only used by autoguess.. vtWideString = 7,.. vtByteArray = 8,.. vtBinary = 9,..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):982
                                                                                                                                                                                                          Entropy (8bit):4.435515760549183
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:Jo4KM2nkqVp3gqI6BkUSx2n1TY6yhdRcAv1iY:Jo4h2nXVGqI6GU5dyFxiY
                                                                                                                                                                                                          MD5:5D0DEB0B6B7C873B5F56BCEDA264B77F
                                                                                                                                                                                                          SHA1:49EE6163658B643F4368471239A0E0D196DD714D
                                                                                                                                                                                                          SHA-256:AD5E1FC96B40B64A65C5901006BD4823FF71B5D846856DB89115D667D112ED6A
                                                                                                                                                                                                          SHA-512:F5322FE291655663EB3D2817AD17C3CFF4ABF6A9D2F9B85B93060DB782BA63E82B7A1B5969849B9CEF25552F5F0E35EFE1572C0A48AB4869F54B304524C1565A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.using System;..using System.Collections.Generic;..using System.Linq;..using System.Text;..using System.Threading.Tasks;....namespace CESDK..{.. /// <summary>.. /// Base class for implementing objects inherited from TObject (just a destructor in this case).. /// </summary>.. class CEObjectWrapper.. { .. protected CESDKLua lua = CESDK.currentPlugin.sdk.lua;.. protected IntPtr CEObject;.. public IntPtr obj { get { return CEObject; } }........ ~CEObjectWrapper().. {.. if (CEObject != IntPtr.Zero).. {.. lua.PushCEObject(CEObject);.. lua.PushString("destroy");.. lua.GetTable(-2);.... if (lua.IsFunction(-1)).. {.. lua.PCall(0, 0);.. }.. else.. throw new System.ApplicationException("Object without a destroy method");.. }.. }.. }..}..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):37888
                                                                                                                                                                                                          Entropy (8bit):5.226890017930093
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:o59YiDgzS3ejrtGtl1Ym+l+rZz4Awdewwwwd2d+e5R777N1HVM7gbvIVBlGiezFM:PmgeujrtGt7Ym+AZxwdewwwwcd+e5RPa
                                                                                                                                                                                                          MD5:2DF506F3E3969F3DDA3EF32D21F8B210
                                                                                                                                                                                                          SHA1:77391130A4C3853315882FEA9877B5A0132E737F
                                                                                                                                                                                                          SHA-256:C49E654839B293C1D1E6D5F245E49A8CAD787E70B3D0EB2659024E6D6ED44BC5
                                                                                                                                                                                                          SHA-512:22F7F01EBE710423548015C3C87F758F07AEEC93FEFECE5ED6C2AAE8C3D6BAF26D60678E382A0C97B7C8942F2163140146C002D72ABF3014708A4147B654F410
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5253
                                                                                                                                                                                                          Entropy (8bit):4.220186376885213
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:Jo4h4Dcz02nXVgqQUmzIxT1Y7wx7F74GwPgVK5z536uChJYqt+9UYNY:9KGpFDy7C7FwPgVcqu1NY
                                                                                                                                                                                                          MD5:D6A1CE4FE7D7E9321C47B5BA48BB0675
                                                                                                                                                                                                          SHA1:D2F7178B9607765FDBFC869EF2F3F25405E9D2E4
                                                                                                                                                                                                          SHA-256:F47E49AB8E84189B6C1DD2B4A018C43992B34B5E2C025B09CCE8BE9D60C58B6B
                                                                                                                                                                                                          SHA-512:9F4428E86FDF025D94BA897CC68B91056FF28A4BD2ED12DE2B9FEDE00D4396F3F53D05E4115D8CFD8F50B83891A7994001ED359E3A01C53C8578CD89DE5CC338
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.using System;..using System.Collections.Generic;..using System.ComponentModel;..using System.Data;..using System.Drawing;..using System.Linq;..using System.Text;..using System.Threading.Tasks;..using System.Windows.Forms;..using CESDK;....namespace CEPluginLibrary..{.. public partial class PluginExampleForm : Form.. {.. MemScan ms;.. FoundList fl;.... public PluginExampleForm().. {.. InitializeComponent();.. }.... private void button1_Click(object sender, EventArgs e).. { .. MessageBox.Show("WEEEEEEE");.. GC.Collect();.. }.... .... private void MemScanDone(object sender).. {.. //called from CE's main UI thread. Problematic if the form was created using a new thread.. if (this.InvokeRequired).. { .. this.BeginInvoke(((MemScan)sender).OnScanDone,sender);.. }.. else..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4778
                                                                                                                                                                                                          Entropy (8bit):4.4952095990499785
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:Jo4h2nXV0VgqojlWXS+vx+FvDVfv6nEbvFUG7Fnm4Auzsq8tdlvuO4BVNT:9UF4ajlWXS+vx+FvDVfv6WdUGBnm4Au9
                                                                                                                                                                                                          MD5:B45C3E2829EED1BEB58ED85D8E27362B
                                                                                                                                                                                                          SHA1:9AFF1824269B8829B4903AC0DC53E7B314CAD5D0
                                                                                                                                                                                                          SHA-256:B16C0C45DCD137B01C6BB2ED3BBB7DECB406FDEC3D4AEBBF1F6EEB44E9039397
                                                                                                                                                                                                          SHA-512:771506912072FE9EB3500C9CCC9D02236B1DB579E02ECE9ABE538548B5F2FC0AD312EDF576DFCDE97F64E573D7B70B6CD73452BA426AAB1E8F31A9431942CC89
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.using System;..using System.Collections.Generic;..using System.Linq;..using System.Text;..using System.Threading;..using System.Threading.Tasks;..using System.Windows.Forms;..using CESDK;....namespace CEPluginLibrary..{.. class PluginExample : CESDKPluginClass.. {.. public override string GetPluginName().. {.. return "C# Plugin Template for Cheat Engine 7.1+";.. }.... public override bool DisablePlugin() //called when disabled.. {.. .. return true;.. }.. .. public override bool EnablePlugin() //called when enabled.. {.. //you can use sdk here.. //sdk.lua.dostring("print('I am alive')");.. .... sdk.lua.Register("pluginexample1", MyFunction);.. sdk.lua.Register("pluginexample2", MyFunction2);.. sdk.lua.Register("pluginexample3", MyFunction3);.. sdk.lua.Register("pluginexample4", MyFunction4);.. sdk
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9887
                                                                                                                                                                                                          Entropy (8bit):4.5923744109984925
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:Jwa+UHCXRQbXVkmGqYnowGCo0Q3fHRlsc5guLWoeU80bklzg8:Jw1UHqRQbXAoLCtQPHbsc5guLWD0bmh
                                                                                                                                                                                                          MD5:48A54615FB62B5964D621D88ABFF8C98
                                                                                                                                                                                                          SHA1:8131BA02B49DF23D592EF8FD24B1C9BED5BA0B94
                                                                                                                                                                                                          SHA-256:8E4B2FFFDA394E6F9376A930C3B0F1BAEFAF69CE68FA17C0A80A5B49D22633D0
                                                                                                                                                                                                          SHA-512:A433DD6D692263B3C190F1B1113962BEDCF68C0C947B1CD4C7BFD32755A397B9DBA02E3E668F7B548CB21C869E8D2183FDDCC2519D9D15082AA2C664CB0DF902
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.namespace CEPluginLibrary..{.. partial class PluginExampleForm.. {.. /// <summary>.. /// Required designer variable... /// </summary>.. private System.ComponentModel.IContainer components = null;.... /// <summary>.. /// Clean up any resources being used... /// </summary>.. /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>.. protected override void Dispose(bool disposing).. {.. if (disposing && (components != null)).. {.. components.Dispose();.. }.. base.Dispose(disposing);.. }.... #region Windows Form Designer generated code.... /// <summary>.. /// Required method for Designer support - do not modify.. /// the contents of this method with the code editor... /// </summary>.. private void InitializeComponent().. {.. this.button1 = new Sy
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2926
                                                                                                                                                                                                          Entropy (8bit):5.296204236636278
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:3rYSjNJpu5z2fBZi43iqcscr14H1xmH/14H1BA6B6Kv6tH6T626HZ6sM6l6a6A3E:7YWnpu5CZi4ncsZxm4GE5vsHSBCHMOVo
                                                                                                                                                                                                          MD5:BD4AB4CC0D5BED5FBC5228F4035A191D
                                                                                                                                                                                                          SHA1:AE2B589B7342B9C2D30BDBE3575509F6C3DB5D47
                                                                                                                                                                                                          SHA-256:65121FFC91A1EEF66A3281ACFF99C3014DB81FF143A47B02ED6953710CFCAFD5
                                                                                                                                                                                                          SHA-512:81C9CCC18BB5BD0A0F714CB625E1EF0FB62EE20106A3386D812E343D322B7BCE435D5C61D575AE68DA26504B39131D5FBCF405524ADD8233A0D0E4E4405811AF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />.. <PropertyGroup>.. <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>.. <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>.. <ProjectGuid>{99772D98-3865-4E8D-BB02-A855950904F8}</ProjectGuid>.. <OutputType>Library</OutputType>.. <AppDesignerFolder>Properties</AppDesignerFolder>.. <RootNamespace>CEPluginLibrary</RootNamespace>.. <AssemblyName>CEPluginExample</AssemblyName>.. <TargetFrameworkVersion>v4.6.1</TargetFrameworkVersion>.. <FileAlignment>512</FileAlignment>.. <Deterministic>true</Deterministic>.. </PropertyGroup>.. <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5817
                                                                                                                                                                                                          Entropy (8bit):4.7214047966009245
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:fijrkiK5k5LPXbac9m5Lv6FzSvd4gIRjETUT2+0qSdvabvDBwbjBu3FqvuFZ:KjrbLPD9sLvIzSvKgIqUyahFZ
                                                                                                                                                                                                          MD5:4EB5913A0E5AA842250F7419538FA230
                                                                                                                                                                                                          SHA1:31FB76E5D9BABE97A11FEA041081F96CE426107A
                                                                                                                                                                                                          SHA-256:4363CD7D5B8671C72442CE1A1BFC10D64EBD24B2D718B54BD4FCD025E4967298
                                                                                                                                                                                                          SHA-512:846207F9DB4C05D2070482C27AF72C50B8F423AC1C7EFB5266B059F6A41362704E9F5A590E428F4AEFD791EDD2E21C1B34473361911CBEEA2CFCAF741B5BEBFF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.<?xml version="1.0" encoding="utf-8"?>..<root>.. .. Microsoft ResX Schema .. .. Version 2.0.. .. The primary goals of this format is to allow a simple XML format .. that is mostly human readable. The generation and parsing of the .. various data types are done through the TypeConverter classes .. associated with the data types... .. Example:.. .. ... ado.net/XML headers & schema ..... <resheader name="resmimetype">text/microsoft-resx</resheader>.. <resheader name="version">2.0</resheader>.. <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>.. <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>.. <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>.. <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>.. <data name="Bitmap1" mimetype="application/x-microsoft
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1513
                                                                                                                                                                                                          Entropy (8bit):5.570853751982549
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:pPEkvanEc5GgSyTA8VffAa6iAoPARiA2PAo6kA68IAvkAU8TlzbBW:pP0EmdSy8ZLlHRl19DPXvDxts
                                                                                                                                                                                                          MD5:8E1EECB2D6B4F579A7FE4B11361E1D96
                                                                                                                                                                                                          SHA1:647911F537437A80F06C1324AC9AF5843BFCFA01
                                                                                                                                                                                                          SHA-256:37DAA1B4FB9966A0EED6DAEBB98FAE863C92F433D97CEA90DD95107FA7F14A1A
                                                                                                                                                                                                          SHA-512:1BE14802B7B2C13DCAEDBFB8814C7DF011A48C27D83C249EE5C074ACD0AF2070595D8809EC1EF92A6DE1FF4BFA55B3D393A9E5390C04EEF72FD1F1952DA2CCAE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:...Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio 15..VisualStudioVersion = 15.0.28307.489..MinimumVisualStudioVersion = 10.0.40219.1..Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "CEPluginLibrary", "CEPluginLibrary\CEPluginLibrary.csproj", "{99772D98-3865-4E8D-BB02-A855950904F8}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Any CPU = Debug|Any CPU....Debug|x64 = Debug|x64....Release|Any CPU = Release|Any CPU....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|Any CPU.Build.0 = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|x64.ActiveCfg = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Debug|x64.Build.0 = Debug|Any CPU....{99772D98-3865-4E8D-BB02-A855950904F8}.Release|Any CPU.ActiveCfg = Releas
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21249
                                                                                                                                                                                                          Entropy (8bit):5.473071232947375
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:MxdQ1dn5s8SJRF6A64O0pgwzG1AXQpmwpN6NnES1sq9X5T:Mxu5s8Kq0pgh1AXKbcnEMT
                                                                                                                                                                                                          MD5:E4FFD1E2C206AEB1FC1B8ACB2D2FFC38
                                                                                                                                                                                                          SHA1:A13B6AEF7AA457D47F2745924D4808DAAAB7A809
                                                                                                                                                                                                          SHA-256:B6500DF1E94D7BB011B38E173B2603197B7A1F304496D751EDE82E57E36E532F
                                                                                                                                                                                                          SHA-512:25BAC2C4782B15B86BD5940232B91A1227C286979B93E2F5A8129814AFC619AB6A57B8EF6EA60E92B78B16CDEE39098E8CD0129020E73D3A8872AA2421834833
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*.. cepluginsdk.h.. Updated July 4, 2017.... v5.0.0..*/..#ifndef CEPLUGINSDK_H..#define CEPLUGINSDK_H....#include <windows.h>..#include "lua.h"..#include "lualib.h"..#include "lauxlib.h"......#define CESDK_VERSION 6....typedef enum {ptAddressList=0, ptMemoryView=1, ptOnDebugEvent=2, ptProcesswatcherEvent=3, ptFunctionPointerchange=4, ptMainMenu=5, ptDisassemblerContext=6, ptDisassemblerRenderLine=7, ptAutoAssembler=8} PluginType;..typedef enum {aaInitialize=0, aaPhase1=1, aaPhase2=2, aaFinalize=3} AutoAssemblerPhase;....typedef struct _PluginVersion..{.. unsigned int version; //write here the minimum version this dll is compatible with (Current supported version: 1 and 2: this SDK only describes 2).. char *pluginname; //make this point to a 0-terminated string (allocated memory or static addressin your dll, not stack)..} PluginVersion, *PPluginVersion;....typedef struct _PLUGINTYPE0_RECORD..{.. char *interpretedaddress; //pointer to a 255 bytes long string (0 terminated).. UINT_P
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20820
                                                                                                                                                                                                          Entropy (8bit):4.9478688580965615
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:BxYxU2LDxW7ZTDfKZeiH22CT3oQf/JQeYX9L:BxYxUauZICT4Qf/JQewL
                                                                                                                                                                                                          MD5:940913A8A7D44DFAD443E831137C8E56
                                                                                                                                                                                                          SHA1:4D0BFF7E0F6D917A5DAEBAF092B81BD8BD1C796D
                                                                                                                                                                                                          SHA-256:CDA5269F441120E5A3BFF2F87E289CD71DE9158CA2A619C7D0A734EB98EE6052
                                                                                                                                                                                                          SHA-512:3A74F73FD1CEFD89303689AA1907539377D1AAA4D94761FE4EDBBFB9FF08359733A08C388036A8D4452CE10AB8DA80D87A76816030170C2E0B4E9CF4788CA849
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:unit cepluginsdk; //more an api than sdk....{$MODE Delphi}....interface....uses windows, sysutils;....type.. TColor=dword;.. PColor=^TColor;....{$ifndef fpc}..//if old delphi then define the ptruint type..type ptruint=dword;..type pptruint=^ptruint'..{$endif}....const PluginVersionSDK=6;....type TAutoAssemblerPhase=(aaInitialize=0, aaPhase1=1, aaPhase2=2, aaFinalize=3);..type TPluginType=(ptAddressList=0, ptMemoryView=1, ptOnDebugEvent=2, ptProcesswatcherEvent=3, ptFunctionPointerchange=4, ptMainMenu=5, ptDisassemblerContext=6, ptDisassemblerRenderLine=7, ptAutoAssembler=8);....type TDWordArray = array[0..0] of DWord;.. PDWordArray = ^TDWordArray;....type.. TContinueOption = (co_run=0, co_stepinto=1, co_stepover=2, co_runtill=3);....type.. TBreakpointMethod = (bpmInt3, bpmDebugRegister);....type.. TBreakOption = (bo_Break = 0, bo_ChangeRegister = 1, bo_FindCode = 2, bo_FindWhatCodeAccesses = 3, bo_BreakAndTrace=4);.. TBreakPointAction = TBreakOption;....type.. TBreakp
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):77
                                                                                                                                                                                                          Entropy (8bit):4.1648042349100605
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:UydlFeWIH9y+SNf69JEfo7PKy:U/Xw+SNf6rEMKy
                                                                                                                                                                                                          MD5:A5D7FBE6A1C5EE5C9B8CC1DD85195A4B
                                                                                                                                                                                                          SHA1:F755644CD5430ECDBC20BD52A79E1D503694D223
                                                                                                                                                                                                          SHA-256:49848186572123D3E61B289BD7651DBAB6F130B71C820B3472A2F896B39BB15F
                                                                                                                                                                                                          SHA-512:AD51E7400AB2AFAE7CC118D859EF623C47D92B81622F05CA1C1BA6D4DF3693B664F52A7F80AF3B7A96119658000B10187F62F0D483A263786C2992363ED1770B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*..class weee {.. public:... int abc;.... private:... int bla;....};*/..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6621
                                                                                                                                                                                                          Entropy (8bit):5.329177353184485
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:yRhA+IF/NIkm/SM1AnPqLxFohmeZEAdyaWWFVTc7dEug67ok:yRaPeSPACmyTyxxr
                                                                                                                                                                                                          MD5:9B4403AD7DFC92D6E7D8BE8A4F9C6D76
                                                                                                                                                                                                          SHA1:55F4E162DC4353B157A94071ED4387646265FE8B
                                                                                                                                                                                                          SHA-256:A7E319FF2484A156A3B027AC3A0A687EF19F878BE7CC07C06D3A98CD2F16F48F
                                                                                                                                                                                                          SHA-512:1D77505357B8FE48A6FBF6BE560A33F8FF31353E521D449EBE714A77320D3D98BB3111956AE29C1FE37CD4D5A8FDE2462A7F1F7476D09436730A0F218DBE97ED
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// example-c.cpp : Defines the entry point for the DLL application...//....//#define WIN32_LEAN_AND_MEAN..// Exclude rarely-used stuff from Windows headers..// Windows Header Files:......#include <windows.h>..#include <stdio.h>..#include "cepluginsdk.h"..#include "bla.h"....int selfid;..int memorybrowserpluginid=-1; //initialize it to -1 to indicate failure (used by the DisablePlugin routine)..int addresslistPluginID=-1;..int debugpluginID=-1;..int ProcesswatchpluginID=-1;..int PointerReassignmentPluginID=-1;..int MainMenuPluginID=-1;....ExportedFunctions Exported;........void __stdcall mainmenuplugin(void)..{...Exported.ShowMessage("Main menu plugin");...return;..}....void __stdcall PointersReassigned(int reserved)..{...//Check the "Pointer to pointer" objects and decide if you want to redirect them to your own routine, or not...//Usefull for implementing your own read process memory and overriding user choises ...//(e.g when they pick read physical memory and you want to focus on onl
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):123
                                                                                                                                                                                                          Entropy (8bit):4.811779479994327
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:T8OEUpBiFc/v1JQChi02V/X1JQChsLZmQLf4lFX1JQChhXT6fW:TeyiF8tJXPKlJXcelJX3jt
                                                                                                                                                                                                          MD5:16E7BC7FC630EBC06C84FC437CC784AF
                                                                                                                                                                                                          SHA1:73EBEAE9140D391B8FC8C2A323B0DDEC2E09834F
                                                                                                                                                                                                          SHA-256:D8882065B6EF9E9A4B544AB301D7C1305B989C2E6DA72769F547781B5642A367
                                                                                                                                                                                                          SHA-512:7EA5115CFCB40DF766F98B0B19C6C7F91B29F70D76B8BF0BE86344298E22F45E46C491DDD3554ECB9C49340F778D1D1D8141351BD48EA01ECB7FCF158B0D6DED
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:LIBRARY..Example-C..EXPORTS .. CEPlugin_GetVersion.@1.. CEPlugin_InitializePlugin @2.. CEPlugin_DisablePlugin @3
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1312
                                                                                                                                                                                                          Entropy (8bit):5.515215172889527
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:zPEkprjnOq3v5mq3a6cq3ovq3c3q3psq3w6Sq3S8mq3iRq3P88W:zPTrjTV75bMaflv37y0UZ
                                                                                                                                                                                                          MD5:0DC38E698FCA8775DDFC53EB9E2777CE
                                                                                                                                                                                                          SHA1:031F1563637D3980AC76E7E425B82FE97E4BF8CA
                                                                                                                                                                                                          SHA-256:4589682CFE7932386BB7E079C63A1303CE16204FAA26A1AD754C743273A30646
                                                                                                                                                                                                          SHA-512:336E5D3F693479282CC73EF5AD0B88A39554990251ED1587A488B591D7E26B9431B3EF79078A89480D9ECFF9512F3FF66F249983955E4B3657E10FBC3211FE10
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio 2013..VisualStudioVersion = 12.0.40629.0..MinimumVisualStudioVersion = 10.0.40219.1..Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "example-c", "example-c.vcxproj", "{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|Win32.ActiveCfg = Debug|Win32....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|Win32.Build.0 = Debug|Win32....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|x64.ActiveCfg = Debug|x64....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|x64.Build.0 = Debug|x64....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Release|Win32.ActiveCfg = Release|Win32....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Release|
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8651
                                                                                                                                                                                                          Entropy (8bit):5.1559669229373775
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:Splq9zWlIHcHzp1o2q9zEa4HGE1oZq9znl/HcHzpcobq9z/a4HGEcooEtk6084bP:S+hW8SzpOhEXGEbhnFSzpWh/XGE1088
                                                                                                                                                                                                          MD5:EB57AF6CC5BE00BE4CCA68C11A9DD167
                                                                                                                                                                                                          SHA1:30766A046E9059200C7A1F834AD446413382EE8A
                                                                                                                                                                                                          SHA-256:58C62A39812F64D90A6B8A480E6BDCA9C42D285E77A6271F0E5F2F3E80DD668E
                                                                                                                                                                                                          SHA-512:B4E2D485DC6D4A4B7D2702AA62E737F136B64D3AC6DF134E04A2BB3DAEA3FB6AC7EF603B67CB14630D609A6D767BE0619F5B68A471426A8692A68FED6BA9AE16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="Windows-1252"?>..<VisualStudioProject...ProjectType="Visual C++"...Version="9.00"...Name="example-c"...ProjectGUID="{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}"...RootNamespace="example-c"...Keyword="Win32Proj"...TargetFrameworkVersion="131072"...>...<Platforms>....<Platform.....Name="Win32"..../>....<Platform.....Name="x64"..../>...</Platforms>...<ToolFiles>...</ToolFiles>...<Configurations>....<Configuration.....Name="Debug|Win32".....OutputDirectory="Debug".....IntermediateDirectory="Debug".....ConfigurationType="2".....InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops".....CharacterSet="2".....>.....<Tool......Name="VCPreBuildEventTool"...../>.....<Tool......Name="VCCustomBuildTool"...../>.....<Tool......Name="VCXMLDataGeneratorTool"...../>.....<Tool......Name="VCWebServiceProxyGeneratorTool"...../>.....<Tool......Name="VCMIDLTool"...../>.....<Tool......Name="VCCLCompilerTool"......Optimization="0"......AdditionalIncludeDirec
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):11635
                                                                                                                                                                                                          Entropy (8bit):5.284575044062978
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:xY0/awSBAfNEVDyCyaL9CWyaL9CjyaL9CZyaL9CCmVurQaOnp6UTJAZpXWZAWpXP:xx/awoSuhE61pXSpXCVpX8ispX8Mj
                                                                                                                                                                                                          MD5:1E03374CF6182BEC5B87AD696B3B3D90
                                                                                                                                                                                                          SHA1:C197F285AFF272A818BB286AD06F09F7D82D41B0
                                                                                                                                                                                                          SHA-256:07EEC81F9ACD2497979520EE9F028735DD3BAB27312DD93ED6653B28255AA112
                                                                                                                                                                                                          SHA-512:E10C81E0A00C82D6C6E7582F7002484558FFD2B94D47AF69A898D4CFAC2978F23E41EDE0135ECF252B25534BBD192E0BC78788E9308C5B09E73DEC7EF6F10D82
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <ItemGroup Label="ProjectConfigurations">.. <ProjectConfiguration Include="Debug|Win32">.. <Configuration>Debug</Configuration>.. <Platform>Win32</Platform>.. </ProjectConfiguration>.. <ProjectConfiguration Include="Debug|x64">.. <Configuration>Debug</Configuration>.. <Platform>x64</Platform>.. </ProjectConfiguration>.. <ProjectConfiguration Include="Release|Win32">.. <Configuration>Release</Configuration>.. <Platform>Win32</Platform>.. </ProjectConfiguration>.. <ProjectConfiguration Include="Release|x64">.. <Configuration>Release</Configuration>.. <Platform>x64</Platform>.. </ProjectConfiguration>.. </ItemGroup>.. <PropertyGroup Label="Globals">.. <ProjectGuid>{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}</ProjectGuid>.. <RootNamespace>example-c</RootNamespace>..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1723
                                                                                                                                                                                                          Entropy (8bit):5.096113834015664
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:JdS4+lOFKMz4DFA5glIFXZ/ZaO0v1ZThRGBv3505Z9FJx3505Z9n93505Z94v355:3Qlo4aunNbR2hW/kbhE/K
                                                                                                                                                                                                          MD5:9740E73E7CDBD769A46179A035F59FDB
                                                                                                                                                                                                          SHA1:C923A13EBCD12F98BB4610AF25C833D3D2F6EC30
                                                                                                                                                                                                          SHA-256:DDAF1810F761922EBCC88D654AE05149C26A9A72CC6FFF0876A8BADBFA59F2B8
                                                                                                                                                                                                          SHA-512:3DC1CFCF7B7DAB45935E0249AA4566B68AE573A32A5987854E32C168547FB8452E0179DD7465A1BDA780E4AE416C74D4B0885C2F3DC066133D81172BFF575B53
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <ItemGroup>.. <Filter Include="Source Files">.. <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>.. <Extensions>cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>.. </Filter>.. <Filter Include="Header Files">.. <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>.. <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>.. </Filter>.. <Filter Include="Resource Files">.. <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>.. <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx</Extensions>.. </Filter>.. </ItemGroup>.. <ItemGroup>.. <ClCompile Include="bla.cpp">.. <Filter>Source Files</Filter>.. </ClCompile>.. <ClCompile Include="example-c.c">.. <Filter>Source Files</Filter>.. </ClCompile>.. </ItemGroup
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):77
                                                                                                                                                                                                          Entropy (8bit):4.1648042349100605
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:UydlFeWIH9y+SNf69JEfo7PKy:U/Xw+SNf6rEMKy
                                                                                                                                                                                                          MD5:A5D7FBE6A1C5EE5C9B8CC1DD85195A4B
                                                                                                                                                                                                          SHA1:F755644CD5430ECDBC20BD52A79E1D503694D223
                                                                                                                                                                                                          SHA-256:49848186572123D3E61B289BD7651DBAB6F130B71C820B3472A2F896B39BB15F
                                                                                                                                                                                                          SHA-512:AD51E7400AB2AFAE7CC118D859EF623C47D92B81622F05CA1C1BA6D4DF3693B664F52A7F80AF3B7A96119658000B10187F62F0D483A263786C2992363ED1770B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*..class weee {.. public:... int abc;.... private:... int bla;....};*/..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8651
                                                                                                                                                                                                          Entropy (8bit):5.1559669229373775
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:Splq9zWlIHcHzp1o2q9zEa4HGE1oZq9znl/HcHzpcobq9z/a4HGEcooEtk6084bP:S+hW8SzpOhEXGEbhnFSzpWh/XGE1088
                                                                                                                                                                                                          MD5:EB57AF6CC5BE00BE4CCA68C11A9DD167
                                                                                                                                                                                                          SHA1:30766A046E9059200C7A1F834AD446413382EE8A
                                                                                                                                                                                                          SHA-256:58C62A39812F64D90A6B8A480E6BDCA9C42D285E77A6271F0E5F2F3E80DD668E
                                                                                                                                                                                                          SHA-512:B4E2D485DC6D4A4B7D2702AA62E737F136B64D3AC6DF134E04A2BB3DAEA3FB6AC7EF603B67CB14630D609A6D767BE0619F5B68A471426A8692A68FED6BA9AE16
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="Windows-1252"?>..<VisualStudioProject...ProjectType="Visual C++"...Version="9.00"...Name="example-c"...ProjectGUID="{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}"...RootNamespace="example-c"...Keyword="Win32Proj"...TargetFrameworkVersion="131072"...>...<Platforms>....<Platform.....Name="Win32"..../>....<Platform.....Name="x64"..../>...</Platforms>...<ToolFiles>...</ToolFiles>...<Configurations>....<Configuration.....Name="Debug|Win32".....OutputDirectory="Debug".....IntermediateDirectory="Debug".....ConfigurationType="2".....InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops".....CharacterSet="2".....>.....<Tool......Name="VCPreBuildEventTool"...../>.....<Tool......Name="VCCustomBuildTool"...../>.....<Tool......Name="VCXMLDataGeneratorTool"...../>.....<Tool......Name="VCWebServiceProxyGeneratorTool"...../>.....<Tool......Name="VCMIDLTool"...../>.....<Tool......Name="VCCLCompilerTool"......Optimization="0"......AdditionalIncludeDirec
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6621
                                                                                                                                                                                                          Entropy (8bit):5.329177353184485
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:yRhA+IF/NIkm/SM1AnPqLxFohmeZEAdyaWWFVTc7dEug67ok:yRaPeSPACmyTyxxr
                                                                                                                                                                                                          MD5:9B4403AD7DFC92D6E7D8BE8A4F9C6D76
                                                                                                                                                                                                          SHA1:55F4E162DC4353B157A94071ED4387646265FE8B
                                                                                                                                                                                                          SHA-256:A7E319FF2484A156A3B027AC3A0A687EF19F878BE7CC07C06D3A98CD2F16F48F
                                                                                                                                                                                                          SHA-512:1D77505357B8FE48A6FBF6BE560A33F8FF31353E521D449EBE714A77320D3D98BB3111956AE29C1FE37CD4D5A8FDE2462A7F1F7476D09436730A0F218DBE97ED
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// example-c.cpp : Defines the entry point for the DLL application...//....//#define WIN32_LEAN_AND_MEAN..// Exclude rarely-used stuff from Windows headers..// Windows Header Files:......#include <windows.h>..#include <stdio.h>..#include "cepluginsdk.h"..#include "bla.h"....int selfid;..int memorybrowserpluginid=-1; //initialize it to -1 to indicate failure (used by the DisablePlugin routine)..int addresslistPluginID=-1;..int debugpluginID=-1;..int ProcesswatchpluginID=-1;..int PointerReassignmentPluginID=-1;..int MainMenuPluginID=-1;....ExportedFunctions Exported;........void __stdcall mainmenuplugin(void)..{...Exported.ShowMessage("Main menu plugin");...return;..}....void __stdcall PointersReassigned(int reserved)..{...//Check the "Pointer to pointer" objects and decide if you want to redirect them to your own routine, or not...//Usefull for implementing your own read process memory and overriding user choises ...//(e.g when they pick read physical memory and you want to focus on onl
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):123
                                                                                                                                                                                                          Entropy (8bit):4.811779479994327
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:T8OEUpBiFc/v1JQChi02V/X1JQChsLZmQLf4lFX1JQChhXT6fW:TeyiF8tJXPKlJXcelJX3jt
                                                                                                                                                                                                          MD5:16E7BC7FC630EBC06C84FC437CC784AF
                                                                                                                                                                                                          SHA1:73EBEAE9140D391B8FC8C2A323B0DDEC2E09834F
                                                                                                                                                                                                          SHA-256:D8882065B6EF9E9A4B544AB301D7C1305B989C2E6DA72769F547781B5642A367
                                                                                                                                                                                                          SHA-512:7EA5115CFCB40DF766F98B0B19C6C7F91B29F70D76B8BF0BE86344298E22F45E46C491DDD3554ECB9C49340F778D1D1D8141351BD48EA01ECB7FCF158B0D6DED
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:LIBRARY..Example-C..EXPORTS .. CEPlugin_GetVersion.@1.. CEPlugin_InitializePlugin @2.. CEPlugin_DisablePlugin @3
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1312
                                                                                                                                                                                                          Entropy (8bit):5.515215172889527
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:zPEkprjnOq3v5mq3a6cq3ovq3c3q3psq3w6Sq3S8mq3iRq3P88W:zPTrjTV75bMaflv37y0UZ
                                                                                                                                                                                                          MD5:0DC38E698FCA8775DDFC53EB9E2777CE
                                                                                                                                                                                                          SHA1:031F1563637D3980AC76E7E425B82FE97E4BF8CA
                                                                                                                                                                                                          SHA-256:4589682CFE7932386BB7E079C63A1303CE16204FAA26A1AD754C743273A30646
                                                                                                                                                                                                          SHA-512:336E5D3F693479282CC73EF5AD0B88A39554990251ED1587A488B591D7E26B9431B3EF79078A89480D9ECFF9512F3FF66F249983955E4B3657E10FBC3211FE10
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio 2013..VisualStudioVersion = 12.0.40629.0..MinimumVisualStudioVersion = 10.0.40219.1..Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "example-c", "example-c.vcxproj", "{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|Win32.ActiveCfg = Debug|Win32....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|Win32.Build.0 = Debug|Win32....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|x64.ActiveCfg = Debug|x64....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Debug|x64.Build.0 = Debug|x64....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Release|Win32.ActiveCfg = Release|Win32....{3A688B63-7CE8-4993-BEC5-E7FE48B73F03}.Release|
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):15219
                                                                                                                                                                                                          Entropy (8bit):5.2811147294549095
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:e0NdvtffvT5GDazPCagC/3hJiOY4k1gN3glwkp7MYTG26nRRT46lQHTa:lf4Dg6agC/3h8OBk7wkJMYTG1Rxqa
                                                                                                                                                                                                          MD5:555A7140BBD46A1B5BFD5BAC4A9A9F10
                                                                                                                                                                                                          SHA1:457CEE5851A018909D1BC96824E99C0C775166EE
                                                                                                                                                                                                          SHA-256:8AEF3FA9669BDC5E7659389E276F31EC779CA4BDF96E2C9ADA07DD9458A47416
                                                                                                                                                                                                          SHA-512:34B85999AA982DE19630DFA2100C60618758A4247FE5CDB3320E04904415619AA437A72E97B5E67AD287E47C66E73C7FD04DA6786DC1FCFA981207541043F3FB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*..** $Id: lua.h,v 1.325 2014/12/26 17:24:27 roberto Exp $..** Lua - A Scripting Language..** Lua.org, PUC-Rio, Brazil (http://www.lua.org)..** See Copyright Notice at the end of this file..*/......#ifndef lua_h..#define lua_h....#include <stdarg.h>..#include <stddef.h>......#include "luaconf.h"......#define LUA_VERSION_MAJOR."5"..#define LUA_VERSION_MINOR."3"..#define LUA_VERSION_NUM..503..#define LUA_VERSION_RELEASE."0"....#define LUA_VERSION."Lua " LUA_VERSION_MAJOR "." LUA_VERSION_MINOR..#define LUA_RELEASE.LUA_VERSION "." LUA_VERSION_RELEASE..#define LUA_COPYRIGHT.LUA_RELEASE " Copyright (C) 1994-2015 Lua.org, PUC-Rio"..#define LUA_AUTHORS."R. Ierusalimschy, L. H. de Figueiredo, W. Celes"....../* mark for precompiled code ('<esc>Lua') */..#define LUA_SIGNATURE."\x1bLua"..../* option for multiple returns in 'lua_pcall' and 'lua_call' */..#define LUA_MULTRET.(-1)....../*..** pseudo-indices..*/..#define LUA_REGISTRYINDEX.LUAI_FIRSTPSEUDOIDX..#define lua_upvalueindex(i).(LUA_REGISTR
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20820
                                                                                                                                                                                                          Entropy (8bit):4.9478688580965615
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:BxYxU2LDxW7ZTDfKZeiH22CT3oQf/JQeYX9L:BxYxUauZICT4Qf/JQewL
                                                                                                                                                                                                          MD5:940913A8A7D44DFAD443E831137C8E56
                                                                                                                                                                                                          SHA1:4D0BFF7E0F6D917A5DAEBAF092B81BD8BD1C796D
                                                                                                                                                                                                          SHA-256:CDA5269F441120E5A3BFF2F87E289CD71DE9158CA2A619C7D0A734EB98EE6052
                                                                                                                                                                                                          SHA-512:3A74F73FD1CEFD89303689AA1907539377D1AAA4D94761FE4EDBBFB9FF08359733A08C388036A8D4452CE10AB8DA80D87A76816030170C2E0B4E9CF4788CA849
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:unit cepluginsdk; //more an api than sdk....{$MODE Delphi}....interface....uses windows, sysutils;....type.. TColor=dword;.. PColor=^TColor;....{$ifndef fpc}..//if old delphi then define the ptruint type..type ptruint=dword;..type pptruint=^ptruint'..{$endif}....const PluginVersionSDK=6;....type TAutoAssemblerPhase=(aaInitialize=0, aaPhase1=1, aaPhase2=2, aaFinalize=3);..type TPluginType=(ptAddressList=0, ptMemoryView=1, ptOnDebugEvent=2, ptProcesswatcherEvent=3, ptFunctionPointerchange=4, ptMainMenu=5, ptDisassemblerContext=6, ptDisassemblerRenderLine=7, ptAutoAssembler=8);....type TDWordArray = array[0..0] of DWord;.. PDWordArray = ^TDWordArray;....type.. TContinueOption = (co_run=0, co_stepinto=1, co_stepover=2, co_runtill=3);....type.. TBreakpointMethod = (bpmInt3, bpmDebugRegister);....type.. TBreakOption = (bo_Break = 0, bo_ChangeRegister = 1, bo_FindCode = 2, bo_FindWhatCodeAccesses = 3, bo_BreakAndTrace=4);.. TBreakPointAction = TBreakOption;....type.. TBreakp
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8689
                                                                                                                                                                                                          Entropy (8bit):5.0154559813237505
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:AG3SKmwE5ZD7lq4TJpTPx9W1HPHthPRHroDAtZdJ3/L:AnfEvGAr
                                                                                                                                                                                                          MD5:414752BF38E58BD6C662587CA7B4291A
                                                                                                                                                                                                          SHA1:5A82403A8D90D09E9B487AF738ECBCBC0FEEE297
                                                                                                                                                                                                          SHA-256:1A47911AB8C28536B35B83E9887729B06B00E10DED9C1BDB417ECE7657A6C73A
                                                                                                                                                                                                          SHA-512:1DC2A3C45C7FC8F8A1C5A59D6907BB03CCE53EA1E24225118190873AE8C3D28A7C4E287505D6BEEC9BB5AC28077576CEAEF04A1E2C48A0E6CBAD8DDFE8FC71D2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*..** $Id: lauxlib.h,v 1.128 2014/10/29 16:11:17 roberto Exp $..** Auxiliary functions for building Lua libraries..** See Copyright Notice in lua.h..*/......#ifndef lauxlib_h..#define lauxlib_h......#include <stddef.h>..#include <stdio.h>....#include "lua.h"......../* extra error code for 'luaL_load' */..#define LUA_ERRFILE (LUA_ERRERR+1)......typedef struct luaL_Reg {.. const char *name;.. lua_CFunction func;..} luaL_Reg;......#define LUAL_NUMSIZES.(sizeof(lua_Integer)*16 + sizeof(lua_Number))....LUALIB_API void (luaL_checkversion_) (lua_State *L, lua_Number ver, size_t sz);..#define luaL_checkversion(L) \... luaL_checkversion_(L, LUA_VERSION_NUM, LUAL_NUMSIZES)....LUALIB_API int (luaL_getmetafield) (lua_State *L, int obj, const char *e);..LUALIB_API int (luaL_callmeta) (lua_State *L, int obj, const char *e);..LUALIB_API const char *(luaL_tolstring) (lua_State *L, int idx, size_t *len);..LUALIB_API int (luaL_argerror) (lua_State *L, int arg, const char *extramsg);..LUALIB_API
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):200
                                                                                                                                                                                                          Entropy (8bit):4.66236463636852
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:jVVr02QbOwsrQl+EEKu/OrxReAEiMlAEgrlAQ0l:jVxxQCJZECueAEdlAEgrlAQy
                                                                                                                                                                                                          MD5:5D2DD4FF9F4C38D14220BB0E425B796C
                                                                                                                                                                                                          SHA1:2FD297C467FFCD72CF9CD21450E5BEAD0AE23962
                                                                                                                                                                                                          SHA-256:A7A47CE4CD19F703B8025696F0631C09A664D54CFA831BE4538D10441AEBB48D
                                                                                                                                                                                                          SHA-512:C84EC5C6F867DF99C9C8C4F57AF4795E2FACA7D81F111F7AECC568CD5A28DE3971A1BFCFEF9950181FF2FA67B82542840488DE718D95F87877F51B0709CE10D6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// lua.hpp..// Lua header files for C++..// <<extern "C">> not supplied automatically because Lua also compiles as C++....extern "C" {..#include "lua.h"..#include "lualib.h"..#include "lauxlib.h"..}..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21043
                                                                                                                                                                                                          Entropy (8bit):5.394919695008515
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:AmA+N/G+woUL8m7ETjv68AaMNZjXrQvLXF2ZsgcoGkR3lY6TKhaokMC5:++zbTr68AaMNZjXrQvLXF2ZsgcoGkR3T
                                                                                                                                                                                                          MD5:FE4F0BA514434B7F01983B97F6E517E0
                                                                                                                                                                                                          SHA1:7057FB0BCC204AC4E65AADDBDA350BF8F7488A3E
                                                                                                                                                                                                          SHA-256:0C5D09A7908F99B80377B3157A0BD37C6322CDC0AF437E99501AE746037408EC
                                                                                                                                                                                                          SHA-512:BEBB3A5C5384D0A08955A95970A40509D2ECE40FEEFB0A7C80BBFD4F9CF02E88AED69B5BF05BA6FFFABDD88D364BBB717AD4F59E3A1B6999BCD1CDEBDD410D53
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*..** $Id: luaconf.h,v 1.238 2014/12/29 13:27:55 roberto Exp $..** Configuration file for Lua..** See Copyright Notice in lua.h..*/......#ifndef luaconf_h..#define luaconf_h....#include <limits.h>..#include <stddef.h>....../*..** ===================================================================..** Search for "@@" to find all configurable definitions...** ===================================================================..*/....../*..** {====================================================================..** System Configuration: macros to adapt (if needed) Lua to some..** particular platform, for instance compiling it with 32-bit numbers or..** restricting it to C89...** =====================================================================..*/..../*..@@ LUA_32BITS enables Lua with 32-bit integers and 32-bit floats. You..** can also define LUA_32BITS in the make file, but changing here you..** ensure that all software connected to Lua will be compiled with the..** same configurati
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:current ar archive
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30522
                                                                                                                                                                                                          Entropy (8bit):4.730977794432752
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:G+9VzUvXP24qb80klIfUYFXk6mN6O4teI0BhIan342:54V
                                                                                                                                                                                                          MD5:AAE95F62EAD4B09BAD0CDEBC9F68D8FC
                                                                                                                                                                                                          SHA1:6B8A2A943DEAC8E4F89E3985E04FD364B35065C8
                                                                                                                                                                                                          SHA-256:55B823D33C806BAAB879D3E8FD4D02253B719DCB9D4C7A74A1947AF0C99F7132
                                                                                                                                                                                                          SHA-512:0874A2A6D4F48EB9EBAF6FD4886ABF062EEA1F55FD2E8771B597C9EEE6666F74D44067D4074B52C5B453197D76DC575CE8608CA893F7377F9218345CBCA8BEE4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:current ar archive
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):51186
                                                                                                                                                                                                          Entropy (8bit):5.1687334046820474
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:rJFHn1qrIxu38h8ZLE4aydYZs+1RnNqEk7/JNK2A26spyFAaNbghZGV4iwKWV8UN:/buA8ZLbYPncBQ5Rmychrr+W
                                                                                                                                                                                                          MD5:F22FF9845A888059D8B7F3581E43C098
                                                                                                                                                                                                          SHA1:766835B82B55B5254CD3CE03AF27C94CE98661AD
                                                                                                                                                                                                          SHA-256:CD7C6537C01CECF6CC4F71762D4D66092A51E5D99C7BA9C175988DE7308A85B9
                                                                                                                                                                                                          SHA-512:30A1A33B701928DD5AE8A9C7A9E2C3632E75195155936FE8D63EE26541BEBFE2F9219B6528F7E657D52DB1F6CDEB779D8FEE226B224253CED4D4EFAA349B8BD7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21249
                                                                                                                                                                                                          Entropy (8bit):5.473071232947375
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:MxdQ1dn5s8SJRF6A64O0pgwzG1AXQpmwpN6NnES1sq9X5T:Mxu5s8Kq0pgh1AXKbcnEMT
                                                                                                                                                                                                          MD5:E4FFD1E2C206AEB1FC1B8ACB2D2FFC38
                                                                                                                                                                                                          SHA1:A13B6AEF7AA457D47F2745924D4808DAAAB7A809
                                                                                                                                                                                                          SHA-256:B6500DF1E94D7BB011B38E173B2603197B7A1F304496D751EDE82E57E36E532F
                                                                                                                                                                                                          SHA-512:25BAC2C4782B15B86BD5940232B91A1227C286979B93E2F5A8129814AFC619AB6A57B8EF6EA60E92B78B16CDEE39098E8CD0129020E73D3A8872AA2421834833
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*.. cepluginsdk.h.. Updated July 4, 2017.... v5.0.0..*/..#ifndef CEPLUGINSDK_H..#define CEPLUGINSDK_H....#include <windows.h>..#include "lua.h"..#include "lualib.h"..#include "lauxlib.h"......#define CESDK_VERSION 6....typedef enum {ptAddressList=0, ptMemoryView=1, ptOnDebugEvent=2, ptProcesswatcherEvent=3, ptFunctionPointerchange=4, ptMainMenu=5, ptDisassemblerContext=6, ptDisassemblerRenderLine=7, ptAutoAssembler=8} PluginType;..typedef enum {aaInitialize=0, aaPhase1=1, aaPhase2=2, aaFinalize=3} AutoAssemblerPhase;....typedef struct _PluginVersion..{.. unsigned int version; //write here the minimum version this dll is compatible with (Current supported version: 1 and 2: this SDK only describes 2).. char *pluginname; //make this point to a 0-terminated string (allocated memory or static addressin your dll, not stack)..} PluginVersion, *PPluginVersion;....typedef struct _PLUGINTYPE0_RECORD..{.. char *interpretedaddress; //pointer to a 255 bytes long string (0 terminated).. UINT_P
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1231
                                                                                                                                                                                                          Entropy (8bit):5.27341352475105
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:1i4ToLKs3cpb0gxTCLZKds9dk3kzVr4FiRok:Eaom3IVWiRok
                                                                                                                                                                                                          MD5:D763A23012A8DAFD2D76CE4A0609CC17
                                                                                                                                                                                                          SHA1:B7C2040F6EF844048A1B17E204658AD0F5C6957E
                                                                                                                                                                                                          SHA-256:3890F6CE73F70F6EB67EC42A74F7C8CEF40FA184659934906648C8ACADB53FBF
                                                                                                                                                                                                          SHA-512:9AC100782422E02809F5A63A42B9787F97C9FF292CC3EBB7E2DC39B5E40E671C566A74DEC8D1A748B7D4E8666499F045FDEE6ED4DDB0207FF7856145CBFD294E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*..** $Id: lualib.h,v 1.44 2014/02/06 17:32:33 roberto Exp $..** Lua standard libraries..** See Copyright Notice in lua.h..*/......#ifndef lualib_h..#define lualib_h....#include "lua.h"........LUAMOD_API int (luaopen_base) (lua_State *L);....#define LUA_COLIBNAME."coroutine"..LUAMOD_API int (luaopen_coroutine) (lua_State *L);....#define LUA_TABLIBNAME."table"..LUAMOD_API int (luaopen_table) (lua_State *L);....#define LUA_IOLIBNAME."io"..LUAMOD_API int (luaopen_io) (lua_State *L);....#define LUA_OSLIBNAME."os"..LUAMOD_API int (luaopen_os) (lua_State *L);....#define LUA_STRLIBNAME."string"..LUAMOD_API int (luaopen_string) (lua_State *L);....#define LUA_UTF8LIBNAME."utf8"..LUAMOD_API int (luaopen_utf8) (lua_State *L);....#define LUA_BITLIBNAME."bit32"..LUAMOD_API int (luaopen_bit32) (lua_State *L);....#define LUA_MATHLIBNAME."math"..LUAMOD_API int (luaopen_math) (lua_State *L);....#define LUA_DBLIBNAME."debug"..LUAMOD_API int (luaopen_debug) (lua_State *L);....#define LUA_LOADLIBNAME."pa
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8689
                                                                                                                                                                                                          Entropy (8bit):5.0154559813237505
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:AG3SKmwE5ZD7lq4TJpTPx9W1HPHthPRHroDAtZdJ3/L:AnfEvGAr
                                                                                                                                                                                                          MD5:414752BF38E58BD6C662587CA7B4291A
                                                                                                                                                                                                          SHA1:5A82403A8D90D09E9B487AF738ECBCBC0FEEE297
                                                                                                                                                                                                          SHA-256:1A47911AB8C28536B35B83E9887729B06B00E10DED9C1BDB417ECE7657A6C73A
                                                                                                                                                                                                          SHA-512:1DC2A3C45C7FC8F8A1C5A59D6907BB03CCE53EA1E24225118190873AE8C3D28A7C4E287505D6BEEC9BB5AC28077576CEAEF04A1E2C48A0E6CBAD8DDFE8FC71D2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*..** $Id: lauxlib.h,v 1.128 2014/10/29 16:11:17 roberto Exp $..** Auxiliary functions for building Lua libraries..** See Copyright Notice in lua.h..*/......#ifndef lauxlib_h..#define lauxlib_h......#include <stddef.h>..#include <stdio.h>....#include "lua.h"......../* extra error code for 'luaL_load' */..#define LUA_ERRFILE (LUA_ERRERR+1)......typedef struct luaL_Reg {.. const char *name;.. lua_CFunction func;..} luaL_Reg;......#define LUAL_NUMSIZES.(sizeof(lua_Integer)*16 + sizeof(lua_Number))....LUALIB_API void (luaL_checkversion_) (lua_State *L, lua_Number ver, size_t sz);..#define luaL_checkversion(L) \... luaL_checkversion_(L, LUA_VERSION_NUM, LUAL_NUMSIZES)....LUALIB_API int (luaL_getmetafield) (lua_State *L, int obj, const char *e);..LUALIB_API int (luaL_callmeta) (lua_State *L, int obj, const char *e);..LUALIB_API const char *(luaL_tolstring) (lua_State *L, int idx, size_t *len);..LUALIB_API int (luaL_argerror) (lua_State *L, int arg, const char *extramsg);..LUALIB_API
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):15219
                                                                                                                                                                                                          Entropy (8bit):5.2811147294549095
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:e0NdvtffvT5GDazPCagC/3hJiOY4k1gN3glwkp7MYTG26nRRT46lQHTa:lf4Dg6agC/3h8OBk7wkJMYTG1Rxqa
                                                                                                                                                                                                          MD5:555A7140BBD46A1B5BFD5BAC4A9A9F10
                                                                                                                                                                                                          SHA1:457CEE5851A018909D1BC96824E99C0C775166EE
                                                                                                                                                                                                          SHA-256:8AEF3FA9669BDC5E7659389E276F31EC779CA4BDF96E2C9ADA07DD9458A47416
                                                                                                                                                                                                          SHA-512:34B85999AA982DE19630DFA2100C60618758A4247FE5CDB3320E04904415619AA437A72E97B5E67AD287E47C66E73C7FD04DA6786DC1FCFA981207541043F3FB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*..** $Id: lua.h,v 1.325 2014/12/26 17:24:27 roberto Exp $..** Lua - A Scripting Language..** Lua.org, PUC-Rio, Brazil (http://www.lua.org)..** See Copyright Notice at the end of this file..*/......#ifndef lua_h..#define lua_h....#include <stdarg.h>..#include <stddef.h>......#include "luaconf.h"......#define LUA_VERSION_MAJOR."5"..#define LUA_VERSION_MINOR."3"..#define LUA_VERSION_NUM..503..#define LUA_VERSION_RELEASE."0"....#define LUA_VERSION."Lua " LUA_VERSION_MAJOR "." LUA_VERSION_MINOR..#define LUA_RELEASE.LUA_VERSION "." LUA_VERSION_RELEASE..#define LUA_COPYRIGHT.LUA_RELEASE " Copyright (C) 1994-2015 Lua.org, PUC-Rio"..#define LUA_AUTHORS."R. Ierusalimschy, L. H. de Figueiredo, W. Celes"....../* mark for precompiled code ('<esc>Lua') */..#define LUA_SIGNATURE."\x1bLua"..../* option for multiple returns in 'lua_pcall' and 'lua_call' */..#define LUA_MULTRET.(-1)....../*..** pseudo-indices..*/..#define LUA_REGISTRYINDEX.LUAI_FIRSTPSEUDOIDX..#define lua_upvalueindex(i).(LUA_REGISTR
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):200
                                                                                                                                                                                                          Entropy (8bit):4.66236463636852
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:jVVr02QbOwsrQl+EEKu/OrxReAEiMlAEgrlAQ0l:jVxxQCJZECueAEdlAEgrlAQy
                                                                                                                                                                                                          MD5:5D2DD4FF9F4C38D14220BB0E425B796C
                                                                                                                                                                                                          SHA1:2FD297C467FFCD72CF9CD21450E5BEAD0AE23962
                                                                                                                                                                                                          SHA-256:A7A47CE4CD19F703B8025696F0631C09A664D54CFA831BE4538D10441AEBB48D
                                                                                                                                                                                                          SHA-512:C84EC5C6F867DF99C9C8C4F57AF4795E2FACA7D81F111F7AECC568CD5A28DE3971A1BFCFEF9950181FF2FA67B82542840488DE718D95F87877F51B0709CE10D6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:// lua.hpp..// Lua header files for C++..// <<extern "C">> not supplied automatically because Lua also compiles as C++....extern "C" {..#include "lua.h"..#include "lualib.h"..#include "lauxlib.h"..}..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:current ar archive
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30522
                                                                                                                                                                                                          Entropy (8bit):4.730977794432752
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:G+9VzUvXP24qb80klIfUYFXk6mN6O4teI0BhIan342:54V
                                                                                                                                                                                                          MD5:AAE95F62EAD4B09BAD0CDEBC9F68D8FC
                                                                                                                                                                                                          SHA1:6B8A2A943DEAC8E4F89E3985E04FD364B35065C8
                                                                                                                                                                                                          SHA-256:55B823D33C806BAAB879D3E8FD4D02253B719DCB9D4C7A74A1947AF0C99F7132
                                                                                                                                                                                                          SHA-512:0874A2A6D4F48EB9EBAF6FD4886ABF062EEA1F55FD2E8771B597C9EEE6666F74D44067D4074B52C5B453197D76DC575CE8608CA893F7377F9218345CBCA8BEE4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21043
                                                                                                                                                                                                          Entropy (8bit):5.394919695008515
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:AmA+N/G+woUL8m7ETjv68AaMNZjXrQvLXF2ZsgcoGkR3lY6TKhaokMC5:++zbTr68AaMNZjXrQvLXF2ZsgcoGkR3T
                                                                                                                                                                                                          MD5:FE4F0BA514434B7F01983B97F6E517E0
                                                                                                                                                                                                          SHA1:7057FB0BCC204AC4E65AADDBDA350BF8F7488A3E
                                                                                                                                                                                                          SHA-256:0C5D09A7908F99B80377B3157A0BD37C6322CDC0AF437E99501AE746037408EC
                                                                                                                                                                                                          SHA-512:BEBB3A5C5384D0A08955A95970A40509D2ECE40FEEFB0A7C80BBFD4F9CF02E88AED69B5BF05BA6FFFABDD88D364BBB717AD4F59E3A1B6999BCD1CDEBDD410D53
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*..** $Id: luaconf.h,v 1.238 2014/12/29 13:27:55 roberto Exp $..** Configuration file for Lua..** See Copyright Notice in lua.h..*/......#ifndef luaconf_h..#define luaconf_h....#include <limits.h>..#include <stddef.h>....../*..** ===================================================================..** Search for "@@" to find all configurable definitions...** ===================================================================..*/....../*..** {====================================================================..** System Configuration: macros to adapt (if needed) Lua to some..** particular platform, for instance compiling it with 32-bit numbers or..** restricting it to C89...** =====================================================================..*/..../*..@@ LUA_32BITS enables Lua with 32-bit integers and 32-bit floats. You..** can also define LUA_32BITS in the make file, but changing here you..** ensure that all software connected to Lua will be compiled with the..** same configurati
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1231
                                                                                                                                                                                                          Entropy (8bit):5.27341352475105
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:1i4ToLKs3cpb0gxTCLZKds9dk3kzVr4FiRok:Eaom3IVWiRok
                                                                                                                                                                                                          MD5:D763A23012A8DAFD2D76CE4A0609CC17
                                                                                                                                                                                                          SHA1:B7C2040F6EF844048A1B17E204658AD0F5C6957E
                                                                                                                                                                                                          SHA-256:3890F6CE73F70F6EB67EC42A74F7C8CEF40FA184659934906648C8ACADB53FBF
                                                                                                                                                                                                          SHA-512:9AC100782422E02809F5A63A42B9787F97C9FF292CC3EBB7E2DC39B5E40E671C566A74DEC8D1A748B7D4E8666499F045FDEE6ED4DDB0207FF7856145CBFD294E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/*..** $Id: lualib.h,v 1.44 2014/02/06 17:32:33 roberto Exp $..** Lua standard libraries..** See Copyright Notice in lua.h..*/......#ifndef lualib_h..#define lualib_h....#include "lua.h"........LUAMOD_API int (luaopen_base) (lua_State *L);....#define LUA_COLIBNAME."coroutine"..LUAMOD_API int (luaopen_coroutine) (lua_State *L);....#define LUA_TABLIBNAME."table"..LUAMOD_API int (luaopen_table) (lua_State *L);....#define LUA_IOLIBNAME."io"..LUAMOD_API int (luaopen_io) (lua_State *L);....#define LUA_OSLIBNAME."os"..LUAMOD_API int (luaopen_os) (lua_State *L);....#define LUA_STRLIBNAME."string"..LUAMOD_API int (luaopen_string) (lua_State *L);....#define LUA_UTF8LIBNAME."utf8"..LUAMOD_API int (luaopen_utf8) (lua_State *L);....#define LUA_BITLIBNAME."bit32"..LUAMOD_API int (luaopen_bit32) (lua_State *L);....#define LUA_MATHLIBNAME."math"..LUAMOD_API int (luaopen_math) (lua_State *L);....#define LUA_DBLIBNAME."debug"..LUAMOD_API int (luaopen_debug) (lua_State *L);....#define LUA_LOADLIBNAME."pa
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):205720
                                                                                                                                                                                                          Entropy (8bit):6.5406944146931805
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:KNyaW1Pg7kFtOp8+vRha0DAyheYn13qaIhRFXOucMEx33sOZrcOo:KNyal78m8+vRMEe4a4OEtTi
                                                                                                                                                                                                          MD5:6E00495955D4EFAAC2E1602EB47033EE
                                                                                                                                                                                                          SHA1:95C2998D35ADCF2814EC7C056BFBE0A0EB6A100C
                                                                                                                                                                                                          SHA-256:5E24A5FE17EC001CAB7118328A4BFF0F2577BD057206C6C886C3B7FB98E0D6D9
                                                                                                                                                                                                          SHA-512:2004D1DEF322B6DD7B129FE4FA7BBE5D42AB280B2E9E81DE806F54313A7ED7231F71B62B6138AC767288FEE796092F3397E5390E858E06E55A69B0D00F18B866
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):262552
                                                                                                                                                                                                          Entropy (8bit):6.029187209935358
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:JViiO5Ea9m3XJusq4opSm7Im9SC2w/iKhF58jfq65bgusSVIRZOl0vDoD4CfOMsj:JVZcWJusRPm7kCdKfkkApZt
                                                                                                                                                                                                          MD5:19B2050B660A4F9FCB71C93853F2E79C
                                                                                                                                                                                                          SHA1:5FFA886FA019FCD20008E8820A0939C09A62407A
                                                                                                                                                                                                          SHA-256:5421B570FBC1165D7794C08279E311672DC4F42CB7AE1CBDDCD7EEA0B1136FFF
                                                                                                                                                                                                          SHA-512:A93E47387AB0D327B71C3045B3964C7586D0E03DDDB2E692F6671FB99659E829591D5F23CE7A95683D82D239BA7D11FB5A123834629A53DE5CE5DBA6AA714A9A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):28924
                                                                                                                                                                                                          Entropy (8bit):7.991784495689372
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:768:SSHnnhPVVYCzrpCuqOMWlPLe1uvY1R78Occgok:SSHnnJDXZY1RgOccK
                                                                                                                                                                                                          MD5:FE3637780172B207CB31BB3DC612CD34
                                                                                                                                                                                                          SHA1:B65FA4078DCB813EBBA16784C80BC7A0E71025DD
                                                                                                                                                                                                          SHA-256:080A0AE9634FB07F2E9B1DDEA31491564195865DCD2B6201E1A10A13E8CDD5E9
                                                                                                                                                                                                          SHA-512:8F1DA48E6F224B7E7E6EF26D11D3C484A254E9A335DA9E59B837A81F9B7DB501039F31EF9AD055A07BB139BC1147C114923742C3204156AE3371A0F225A433CC
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):99199
                                                                                                                                                                                                          Entropy (8bit):7.9924368254113025
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:1536:CGNxLS1cRzW1Dx15WXGNp7u4A3AP6ovMlJEyWYykDQdTkQRWMJv2kXWMFopxLZq5:QcFW1DdDrTP6o0jEyERskXepHqz9
                                                                                                                                                                                                          MD5:EC8679FCB11314E333F6518113F1D71E
                                                                                                                                                                                                          SHA1:F6642D2551238733324141810B12C964FFE3B518
                                                                                                                                                                                                          SHA-256:45CFE56AE9CBB58FC51700425A19771C87029F63CB1A96CB258AEBE6AEE9D37A
                                                                                                                                                                                                          SHA-512:71EF7CBACD90317D32B0E4E81F64B6A4BABF644A1391396E9FF6C000C902660CFE87E5A86DF456EF5FB2DE0E6688BBF0778AB917D98BC86FB81AEA658672B4DB
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):386976
                                                                                                                                                                                                          Entropy (8bit):6.870368063282166
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:359aKWK/HqY5AXeWEfv6TBr4udWNrzJD10P9TQmxhAIXiCUXEC+Y4r/w2MGkTkm/:J9WsHse9fvcBrnd8rzZ10eMhEChC+Ygi
                                                                                                                                                                                                          MD5:486237BC5FA41DCE8C3022B9B6221FE5
                                                                                                                                                                                                          SHA1:C00BA51895DEAB2054C6F0F7DD3CF397E119C6FE
                                                                                                                                                                                                          SHA-256:4E2C87700CCDD3B34215C6BC64AE4582AC5FF373CFD3E93E8F7D2016960BA80D
                                                                                                                                                                                                          SHA-512:5F4010D8F9B0C865DE209E90625F178C8A7370AF1F7BE85552147EBD9EE7D033B01DD5A277FB646E2D289D2821462ADBB0959E507CD0A044CE79CB1C526A385B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):386976
                                                                                                                                                                                                          Entropy (8bit):6.870406853054738
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:e59aKWK/HqY5AXeWEfv6TBr4udWNrrJ710vFTAmJxQIfaCU/MC3O74r/wuMGFYsN:G9WsHse9fvcBrnd8rrR10WUxkCxC3O7S
                                                                                                                                                                                                          MD5:81633981057858F56BECB3BD316283E9
                                                                                                                                                                                                          SHA1:F6981034B1A5E23766BA4D40D451D784A1CFF83E
                                                                                                                                                                                                          SHA-256:4885754E6AC08304858383E47D3ADA425409988871BA6586151143D511488614
                                                                                                                                                                                                          SHA-512:99886CB451EAE690657AC848B63D58CD8B436849F6D073C5C073B624A6956397AC5AB6B636B1970C60DCE4EB5B3512372A4EC79FC28E9397AFE7D0791466D0A3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):443296
                                                                                                                                                                                                          Entropy (8bit):6.630155817797785
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:bdQpG4IhjOSudLX4PGUGTdVwYr9ABfpMqYFOso5WMKYnTrLxWAld/wydfCigAA:apG4w5upwGTv9GWov1nlVAV
                                                                                                                                                                                                          MD5:0C7D89B75430A40824A5D7B79890324E
                                                                                                                                                                                                          SHA1:7E03E3D5386B1ED49104C3B35E44A545863BCBB9
                                                                                                                                                                                                          SHA-256:6B21B24279309F4117F8E39CDAF940F645C15D92442990A77655C8F898BB2227
                                                                                                                                                                                                          SHA-512:31453A2575FD7674AC7802DC8F740C79D357AD3464869F6EFD5E4A3892114EE9767715EBCA0D39E5B39CA8DA7BFED7E671D3EB24DBFB698C57ECA196D4FDFC85
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):446368
                                                                                                                                                                                                          Entropy (8bit):6.635233277412147
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:aSn7zUunHkqypGYKKOyt8GMyKw0ORVdPpEPwkdRHhvOOZoU/wC/cQBi4Blb:nzU8E9GDWKMRPAZhvpoUOo
                                                                                                                                                                                                          MD5:069EC7832ADBF93BD04A91B07FF00D78
                                                                                                                                                                                                          SHA1:5ED84D13FFCEF487EB039CD75DE91294C25ED0CC
                                                                                                                                                                                                          SHA-256:8C8C608AE67F8B8A4E56DAF2EDEA1A92CBA6866D4F324BD0E5AD1284126849A7
                                                                                                                                                                                                          SHA-512:D9E9D40DE2509B112762ADE7EF0BB6DB91EB5687AE6EA9689ABD7A7AF8BA601297655587EEF34F7D1DAC62D77E5B586BE71B19F044EBF53028CFE90DDCE776F8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):456096
                                                                                                                                                                                                          Entropy (8bit):6.635086574093954
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:tTaB+hAvavjZihpuXh9js6zMxfdKCXbRRUsQHoh3+KZ+a3cnldkEBX/zrMMZKUjo:haBtvavY6XhNrzSk2gxQ3Wn7kw3o
                                                                                                                                                                                                          MD5:AA97F366592E0FA41D2D2F61765CA7D5
                                                                                                                                                                                                          SHA1:BE85DAF3B07E66225CD4167F96ED6292CCE54E1E
                                                                                                                                                                                                          SHA-256:D63036771F21AE7E056F2211CB560BFCF79ADE356B59D8F462050B2DD840E86C
                                                                                                                                                                                                          SHA-512:F16D3F899504EF556D186BEBE1A526D9999454AB60697CDE221130720AB8154003543A62C4E53124C902E51FCF62B653C914B316DA0E3766DF5026E386DD47CC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):455072
                                                                                                                                                                                                          Entropy (8bit):6.627282046325032
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:8NqQopGY6gsnGubx5JbmZl2Wjm+9498RkaGlef/AYbAPrqEThN0dWI/mo1pdUMMe:fQoIfvxCc64fauA0lhydIo1AfDW
                                                                                                                                                                                                          MD5:E8DFC0D2D41483C7725E4EBB7E32D324
                                                                                                                                                                                                          SHA1:B2890C91EFBA390B68E481CD2EE311136B740EDE
                                                                                                                                                                                                          SHA-256:1172F2D7B1FB34408C8FFC248E3E719922843EA07BD5B409BE3405D1C300B3F7
                                                                                                                                                                                                          SHA-512:539A1BD18D4753D69756B9B7E6603DD6E7A3F354CA002DECE206F7E2F1E2792704F3D80F38B37C0C41F16A1FD9DE32CC4DD5873959D762C5AA13388715EE7803
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1113504
                                                                                                                                                                                                          Entropy (8bit):5.932626447270598
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:3+hKmLazchlUT5PzJXmGFYKUeMzkMz7S480UJ+RNdO24a/s0X4G:Uy4n8VWGQdS480U4RN20X4G
                                                                                                                                                                                                          MD5:CCD151D8EE8ED05AA0E1D9142FD6E438
                                                                                                                                                                                                          SHA1:8D343BBC1A6F2D5D9ED8813427635696291C8F0D
                                                                                                                                                                                                          SHA-256:5C929F453DB7F0703BC8F939E39D48C79ECAB9E453918E5D0CD136C8026474CC
                                                                                                                                                                                                          SHA-512:DCB0B9A9B2908D5D55214F6A261B0A8C08889603CFABC327A7A82387012925BBF486B5C28B5250E9449FF9758748A021023C99EE02B59ABBB7B3C979A06DAEB4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):26932
                                                                                                                                                                                                          Entropy (8bit):4.662099291681256
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:cjWBIk+x/vIqk0TkX6sT6AATeINgKP+nHQ41fgcmmItyOQeM9YfWEeHBvo0:ciBJsFkOTeDnLqFXTfleHBvo0
                                                                                                                                                                                                          MD5:72B6BD92AB82F8774BBBB73C217C57B6
                                                                                                                                                                                                          SHA1:86D1215F2E127BFFD94F7B7BE6F7C4CE94ACDDA8
                                                                                                                                                                                                          SHA-256:9B183E7F0356C398CC0A65C4A2D2CD56F2149A8E244264C4D26AC59E9DADA3E8
                                                                                                                                                                                                          SHA-512:504E32EEBF7F3FDF37BB354F8B32BA9BB0810B490563AC5E8E58EF8BB3844A196706C8A25335E71A3D2E70C1C6C6304A6AEC7A9EFB309E89EEA89F6D9607A437
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.. GNU LESSER GENERAL PUBLIC LICENSE.... Version 2.1, February 1999.... Copyright (C) 1991, 1999 Free Software Foundation, Inc... 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed.....[This is the first released version of the Lesser GPL. It also counts.. as the successor of the GNU Library Public License, version 2, hence.. the version number 2.1.]....... Preamble.... The licenses for most software are designed to take away your..freedom to share and change it. By contrast, the GNU General Public..Licenses are intended to guarantee your freedom to share and change..free software--to make sure the software is free for all its users..... This license, the Lesser General Public License, applies to some..specially designated software packages--typically libraries--of the..Free Software Foundation and other authors who decide to use it. You..can
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2763
                                                                                                                                                                                                          Entropy (8bit):4.679490275459229
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:wmINs5JslcE338QHFs5DGT93oVFl/9OsmONbs+2y:w7/Tn8QHDonOsJhs+
                                                                                                                                                                                                          MD5:0006E501494FE7AAC40035AD1E9B84A9
                                                                                                                                                                                                          SHA1:4D885BAA2024FA1CE2DF99041EC4B0D046549587
                                                                                                                                                                                                          SHA-256:B8CA96FA5251F2449F47F5E62E5B7C54A0D0DBCA353627D1C67A8B2CC71958E0
                                                                                                                                                                                                          SHA-512:BFF444F24836B3D85E734F4FE11FFDFD095E4F1386D54E4C934EDD3B9162E6D92BA0939103BDCC3B708D6296B9C268DDD77E4B63322A429DD4782202D754831C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.. Relicensing TinyCC.. ------------------.... The authors listed below hereby confirm their agreement to relicense TinyCC.. including their past contributions under the following terms:...... * Permission is hereby granted, free of charge, to any person obtaining a copy.. * of this software and associated documentation files (the "Software"), to deal.. * in the Software without restriction, including without limitation the rights.. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.. * copies of the Software, and to permit persons to whom the Software is.. * furnished to do so, subject to the following conditions:.. *.. * The above copyright notice and this permission notice shall be included in.. * all copies or substantial portions of the software... *.. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEM
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):119
                                                                                                                                                                                                          Entropy (8bit):4.371155522109906
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:GACoYQZGhzeF7FEd2NAFNMLAdS4INMLAKQvI+IEQtM0KRvMH:SorZGIF72gNAFNM0deNM0tI+IEQ+0KmH
                                                                                                                                                                                                          MD5:7C3537668B4B35F486F199AF30768340
                                                                                                                                                                                                          SHA1:611F489364DF2A1D404022ECFCF6BB028103CC19
                                                                                                                                                                                                          SHA-256:5F58445C525B6BE19809AA19D69067C1910EDF90A9C56A508571A56EE4CDB5F1
                                                                                                                                                                                                          SHA-512:FD3EC07B964BB66C604BFB55A7701951E47CCA13D9AC5811F35BE6EFF8C81745A7AB62F3A22393B1D5AF303702943B2FAB7C499BFA6037C8B79396C98A39D27B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:The rest of this project can be found at https://github.com/cheat-engine/cheat-engine/tree/master/Cheat%20Engine/tcclib
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):26932
                                                                                                                                                                                                          Entropy (8bit):4.662099291681256
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:cjWBIk+x/vIqk0TkX6sT6AATeINgKP+nHQ41fgcmmItyOQeM9YfWEeHBvo0:ciBJsFkOTeDnLqFXTfleHBvo0
                                                                                                                                                                                                          MD5:72B6BD92AB82F8774BBBB73C217C57B6
                                                                                                                                                                                                          SHA1:86D1215F2E127BFFD94F7B7BE6F7C4CE94ACDDA8
                                                                                                                                                                                                          SHA-256:9B183E7F0356C398CC0A65C4A2D2CD56F2149A8E244264C4D26AC59E9DADA3E8
                                                                                                                                                                                                          SHA-512:504E32EEBF7F3FDF37BB354F8B32BA9BB0810B490563AC5E8E58EF8BB3844A196706C8A25335E71A3D2E70C1C6C6304A6AEC7A9EFB309E89EEA89F6D9607A437
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.. GNU LESSER GENERAL PUBLIC LICENSE.... Version 2.1, February 1999.... Copyright (C) 1991, 1999 Free Software Foundation, Inc... 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.. Everyone is permitted to copy and distribute verbatim copies.. of this license document, but changing it is not allowed.....[This is the first released version of the Lesser GPL. It also counts.. as the successor of the GNU Library Public License, version 2, hence.. the version number 2.1.]....... Preamble.... The licenses for most software are designed to take away your..freedom to share and change it. By contrast, the GNU General Public..Licenses are intended to guarantee your freedom to share and change..free software--to make sure the software is free for all its users..... This license, the Lesser General Public License, applies to some..specially designated software packages--typically libraries--of the..Free Software Foundation and other authors who decide to use it. You..can
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2763
                                                                                                                                                                                                          Entropy (8bit):4.679490275459229
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:wmINs5JslcE338QHFs5DGT93oVFl/9OsmONbs+2y:w7/Tn8QHDonOsJhs+
                                                                                                                                                                                                          MD5:0006E501494FE7AAC40035AD1E9B84A9
                                                                                                                                                                                                          SHA1:4D885BAA2024FA1CE2DF99041EC4B0D046549587
                                                                                                                                                                                                          SHA-256:B8CA96FA5251F2449F47F5E62E5B7C54A0D0DBCA353627D1C67A8B2CC71958E0
                                                                                                                                                                                                          SHA-512:BFF444F24836B3D85E734F4FE11FFDFD095E4F1386D54E4C934EDD3B9162E6D92BA0939103BDCC3B708D6296B9C268DDD77E4B63322A429DD4782202D754831C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.. Relicensing TinyCC.. ------------------.... The authors listed below hereby confirm their agreement to relicense TinyCC.. including their past contributions under the following terms:...... * Permission is hereby granted, free of charge, to any person obtaining a copy.. * of this software and associated documentation files (the "Software"), to deal.. * in the Software without restriction, including without limitation the rights.. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.. * copies of the Software, and to permit persons to whom the Software is.. * furnished to do so, subject to the following conditions:.. *.. * The above copyright notice and this permission notice shall be included in.. * all copies or substantial portions of the software... *.. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEM
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13913
                                                                                                                                                                                                          Entropy (8bit):5.0625346433631195
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:r19A/cZMTI5yb/KekUbGXiTYli8hcHPHuwGX9Gln4FmgopA:r19i5x/8hEfuTGQCm
                                                                                                                                                                                                          MD5:BDE9BB4FFF437414B38B1FEB2E8C5A0A
                                                                                                                                                                                                          SHA1:8CC60A152FA9FAABD63980977F93230AD4462FF2
                                                                                                                                                                                                          SHA-256:E656129DB32DD84EEB1BCE8CE9E6296943F1920EDB6E9296F67A5986E3C84E6E
                                                                                                                                                                                                          SHA-512:91653AEDFADA80F62D2906A09671932D9603CA884BC09B5BCE0317A29DF934252C7AC3BF6557399C642F010BE2ADDC90E96EA87EC5F3DC2AFEAD491F1E27BC39
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:/* TCC runtime library. .. Parts of this code are (c) 2002 Fabrice Bellard .... Copyright (C) 1987, 1988, 1992, 1994, 1995 Free Software Foundation, Inc.....This file is free software; you can redistribute it and/or modify it..under the terms of the GNU General Public License as published by the..Free Software Foundation; either version 2, or (at your option) any..later version.....In addition to the permissions in the GNU General Public License, the..Free Software Foundation gives you unlimited permission to link the..compiled version of this file into combinations with other programs,..and to distribute those combinations without any restriction coming..from the use of this file. (The General Public License restrictions..do apply in other respects; for example, they cover modification of..the file, and distribution when not linked into a combine..executable.)....This file is distributed in the hope that it will be useful, but..WITHOUT ANY WARRANTY; without even the implied warra
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):36018
                                                                                                                                                                                                          Entropy (8bit):7.994007484272608
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:768:9vQvLQOAupOW0bBJ8RkEgh+zhlrKlfaMfToatTCCRFxg4Oaun:9Yv1bpOW0bBJ8goVUsMfcUvzOaun
                                                                                                                                                                                                          MD5:927EF77EFDA84808C9088632C76843E5
                                                                                                                                                                                                          SHA1:AA73E4C27F8A00DF4C9B8BD05088D483B5F8FF9B
                                                                                                                                                                                                          SHA-256:422A2989BABB5E9512C98B3FA24C4F5A0BA9A72C3C71A920C5F979316E1674C7
                                                                                                                                                                                                          SHA-512:98B6BA444008B5978D65FA83487465D700D6EEE721CE8990F1D2E034945F7650E7031E4B9E18C945FE81C6919E5213750DC4E2D86829988E25A3B237559E90E8
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:InnoSetup Log 64-bit Cheat Engine, version 0x418, 67933 bytes, 609290\37\user\376\, C:\Program Files\Cheat Engine 7.5\376\377\
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):67933
                                                                                                                                                                                                          Entropy (8bit):3.6985748540177967
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:BFKlzYQzqmvyKfZuRKd6Dlbmrgf4JyA3ZekH:BFKlzYQzqmvyuZuW
                                                                                                                                                                                                          MD5:87CCE5545B9A3F7A985F461316EFC003
                                                                                                                                                                                                          SHA1:5F20003D400D22663771DC094D78C32FEB62E3B5
                                                                                                                                                                                                          SHA-256:B09BE9C01BC355FF6BECA1B0EAD80D7F1B7E04AB27A4AB3A5C74F5C507DD2B2D
                                                                                                                                                                                                          SHA-512:AA356D1C385F2026C91EA5C12ABBDAD0A61216991A82E857099BD05BE2EA7A7FE199AC2ED5A99BDF80F214386234D1E2E6A3D742BA20A91F86AD727CD1B37CD2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Inno Setup Uninstall Log (b) 64-bit.............................Cheat Engine....................................................................................................................Cheat Engine........................................................................................................................v...]...................................................................................................................s.X..........5Ib......{........6.0.9.2.9.0......t.i.n.a......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5....................1.. ......).......IFPS....&...(....................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.........TEXECWAIT.........TUNINSTALLSTEP.........TMSGBOXTYPE.....
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3223968
                                                                                                                                                                                                          Entropy (8bit):6.338087367720092
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:vdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjT333TYfx:0HDYsqiPRhINnq95FoHVBT333T+
                                                                                                                                                                                                          MD5:9AA2ACD4C96F8BA03BB6C3EA806D806F
                                                                                                                                                                                                          SHA1:9752F38CC51314BFD6D9ACB9FB773E90F8EA0E15
                                                                                                                                                                                                          SHA-256:1B81562FDAEAA1BC22CBAA15C92BAB90A12080519916CFA30C843796021153BB
                                                                                                                                                                                                          SHA-512:B0A00082C1E37EFBFC2058887DB60DABF6E9606713045F53DB450F16EBAE0296ABFD73A025FFA6A8F2DCB730C69DD407F7889037182CE46C68367F54F4B1DC8D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):24097
                                                                                                                                                                                                          Entropy (8bit):3.2749730459064845
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:b1EjNSCkf3SCqsTr6CCPanAG1tznL7VF+Iqfc51U5YQDztXfbKJG/Bfvo:b1EK6CHr6fSX+7Q1U5YQDztB/B3o
                                                                                                                                                                                                          MD5:313D0CC5D1A64D2565E35937991775A6
                                                                                                                                                                                                          SHA1:B8ACB11878C485865C9E4679248E53B83A8F3AD4
                                                                                                                                                                                                          SHA-256:5ED0233C0922E9F20307315E24B4F33C3D56AB9F42B2F75AE91E7A27FD313B66
                                                                                                                                                                                                          SHA-512:7C2DB4A3A4A8DF09F8119A7BA4CA9EBFE562F0A34D431928344E21A5853931EEFBFD910DC4026C6788AC22423BBB125F2B700326D8A1D82B134E2B486C3D0684
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):332704
                                                                                                                                                                                                          Entropy (8bit):6.512223997122371
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:UokW02RSGoOZQcW2jS95cM0EsZjv8trtH3Vizwy:ZkW02RsOKcWnDdMv8trtX0
                                                                                                                                                                                                          MD5:E9B5905D495A88ADBC12C811785E72EC
                                                                                                                                                                                                          SHA1:CA0546646986AAB770C7CF2E723C736777802880
                                                                                                                                                                                                          SHA-256:3EB9CD27035D4193E32E271778643F3ACB2BA73341D87FD8BB18D99AF3DFFDEA
                                                                                                                                                                                                          SHA-512:4124180B118149C25F8EA8DBBB2912B4BD56B43F695BF0FF9C6CCC95ADE388F1BE7D440A791D49E4D5C9C350EA113CF65F839A3C47D705533716ACC53DD038F8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):423328
                                                                                                                                                                                                          Entropy (8bit):6.077270660749132
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:gLJXTQOQV/MzZTixW5GmL7HOf0ADMTE21gFOpJz:Q+V/M9WWnL7HOf0ADMIuR
                                                                                                                                                                                                          MD5:8D487547F1664995E8C47EC2CA6D71FE
                                                                                                                                                                                                          SHA1:D29255653AE831F298A54C6FA142FB64E984E802
                                                                                                                                                                                                          SHA-256:F50BAF9DC3CD6B925758077EC85708DB2712999B9027CC632F57D1E6C588DF21
                                                                                                                                                                                                          SHA-512:79C230CFE8907DF9DA92607A2C1ACE0523A36C3A13296CB0265329208EDC453E293D7FBEDBD5410DECF81D20A7FE361FDEBDDADBC1DC63C96130B0BEDF5B1D8A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:DOS/MBR boot sector
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):477184
                                                                                                                                                                                                          Entropy (8bit):5.927630308859684
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:JEgIgQUO3gqHm5DHLj7S0/Y9kwRofaqcEL5jw/ayKImdyoO:Gg/hEm5DrHE9kwRofaqcEL5jw/ayKImD
                                                                                                                                                                                                          MD5:036B059F8C1CC9AFF3D010E5446BB16C
                                                                                                                                                                                                          SHA1:450842B84E2FACE167E2D138E4F96317CB255BB3
                                                                                                                                                                                                          SHA-256:248F3D48664482090D2C8C01B98518777DED1D900E17ACBC077EFE17258411A6
                                                                                                                                                                                                          SHA-512:4BA5E167A2E3BFE92D43759642AF7BCDB6F4C9EFA30C0F9DE85D6E9758B62FC7ED89FAFDE48910E4E059080E457E3556D23CB1D59B3062C75F81DB9C59B75657
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):132
                                                                                                                                                                                                          Entropy (8bit):6.593562490537789
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:O18qyj/0fZMX/ferOk9OWtW2kdT0PgluBKd9cCkAl8F:O10/3er/X1Y4BKtJuF
                                                                                                                                                                                                          MD5:A4B42FDCA7043792CCC37C611DB21075
                                                                                                                                                                                                          SHA1:17CBF2EC6ECA6BD0CAF1DA78AF51D9F363151168
                                                                                                                                                                                                          SHA-256:8B8955524079508FEC59D396A891110660AE2486F24BC8BCBCDBCC975BB49AE7
                                                                                                                                                                                                          SHA-512:B6877F5B5B88A9B05A85F562D975A8820ACAC3773AA5FB91CEB1DA6C731C90C486A6AAF78DF6EDCF69B0EA74286DC7CC8FA2CBF98453539EFA55EC18D38116BB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1746376
                                                                                                                                                                                                          Entropy (8bit):6.547381278876358
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:/ETCUSw5C7fKrz3PRAarqzUH3Wj7Bnn6KB2m4JMfGPYTuLycEaU2vWUonrMLIAXg:MTj15CD0RHep6KJ4KqzEl2vWrYIA/W
                                                                                                                                                                                                          MD5:238C1C3286A94184FAE2C47CB7FB9DB8
                                                                                                                                                                                                          SHA1:EC4C96DBB342617AFCB728C4D58BDE4EDC0939DC
                                                                                                                                                                                                          SHA-256:74CCB6F5334248BA7020B9CDDC7D581FC6A3AC5A034489324A1FC134CF21DE6C
                                                                                                                                                                                                          SHA-512:0042EFB8DF5DD2D6CDE098DFD1A15217C55E8B68776856E354CED3B943C646C77A8A0132EB2A6332D76704F71A475E29F7330177CBFB4C2C4A26FFC4BA004D0E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):569856
                                                                                                                                                                                                          Entropy (8bit):6.48863246830026
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:09zpo7FKqmQEPmmo6G1SbhXIBQ22wnEKNy6ZfpTh2jK23L:eUANZPmjR1SbhYBT2wEKN3pmb
                                                                                                                                                                                                          MD5:AEF51484C41C348E6ECA26EAF36B5E00
                                                                                                                                                                                                          SHA1:01A37C222BC8EAFDF250953BFD5D0593CEB7AB5A
                                                                                                                                                                                                          SHA-256:F3E9E0DF553D9DF6650981A0758EDE142A33A889786BBEB586FE7EDC7F9E27EB
                                                                                                                                                                                                          SHA-512:E7B29E38F516D934617E0C46BC0DB33390E28890867427ADA0989CBB1F1DEBAAE962B3B39D0749BC5273EFF6545B967346D5F72A460D1C07B0FD451AFD58AB65
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):268760
                                                                                                                                                                                                          Entropy (8bit):6.271440072420579
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:mK+Zk16lasjUumChoTtckp/Ec3SYiAdCksr5CsHLz0hQTplZBXo8PrF5T681kO2y:Rbrdr3S/AdCkA57ghmlZ68rj6euk+hU
                                                                                                                                                                                                          MD5:B3EA90EA6E9C99965389662F8DB9DC8E
                                                                                                                                                                                                          SHA1:412685767347F0CB4360787214B28038B1F38278
                                                                                                                                                                                                          SHA-256:254609EC81013A878306C710ACFD258907E338C32EEB5FDDDB561116DFA65D40
                                                                                                                                                                                                          SHA-512:B963D9DFE09DB9C8E10CA91CF9504238F478F83BBA5B9B5BC4910725FBF917A1AF791E5FA8407D07E55589C8388C73CD0377405D03C88EEB5BA94A90DC5DF827
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1746376
                                                                                                                                                                                                          Entropy (8bit):6.547381278876358
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:/ETCUSw5C7fKrz3PRAarqzUH3Wj7Bnn6KB2m4JMfGPYTuLycEaU2vWUonrMLIAXg:MTj15CD0RHep6KJ4KqzEl2vWrYIA/W
                                                                                                                                                                                                          MD5:238C1C3286A94184FAE2C47CB7FB9DB8
                                                                                                                                                                                                          SHA1:EC4C96DBB342617AFCB728C4D58BDE4EDC0939DC
                                                                                                                                                                                                          SHA-256:74CCB6F5334248BA7020B9CDDC7D581FC6A3AC5A034489324A1FC134CF21DE6C
                                                                                                                                                                                                          SHA-512:0042EFB8DF5DD2D6CDE098DFD1A15217C55E8B68776856E354CED3B943C646C77A8A0132EB2A6332D76704F71A475E29F7330177CBFB4C2C4A26FFC4BA004D0E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):569856
                                                                                                                                                                                                          Entropy (8bit):6.48863246830026
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:09zpo7FKqmQEPmmo6G1SbhXIBQ22wnEKNy6ZfpTh2jK23L:eUANZPmjR1SbhYBT2wEKN3pmb
                                                                                                                                                                                                          MD5:AEF51484C41C348E6ECA26EAF36B5E00
                                                                                                                                                                                                          SHA1:01A37C222BC8EAFDF250953BFD5D0593CEB7AB5A
                                                                                                                                                                                                          SHA-256:F3E9E0DF553D9DF6650981A0758EDE142A33A889786BBEB586FE7EDC7F9E27EB
                                                                                                                                                                                                          SHA-512:E7B29E38F516D934617E0C46BC0DB33390E28890867427ADA0989CBB1F1DEBAAE962B3B39D0749BC5273EFF6545B967346D5F72A460D1C07B0FD451AFD58AB65
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2130400
                                                                                                                                                                                                          Entropy (8bit):6.2987957684743945
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:21CydAIdaqDwWXf6J6eFyIfbIwDLk2A/R1UTwyIuZ:21fd7dxinRDLkF/R1zuZ
                                                                                                                                                                                                          MD5:7A7A9CD081AB016F84249EF4F06493AD
                                                                                                                                                                                                          SHA1:8DC1BEBFAE34C118FE3810DC9131CBF8CCBD9EDC
                                                                                                                                                                                                          SHA-256:009681092F6A13C5C28BB3B08EA14BB03BA959F9CE1A53730D069550DA376C48
                                                                                                                                                                                                          SHA-512:D2B3F302F653741298FB62D237BFC61E1555792AAD73C14395B4DD4B97FE37F745E916B9F586945042B1EDED19C2BC0E9EFD4BE57E44610D465296BD0C544E84
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):344528
                                                                                                                                                                                                          Entropy (8bit):5.780306640057818
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:yT/zGgy2HzkCwmkfCl00EiwtHgadXIezwnzx7I91DR9J2:y3GL2HzkCwmkfClHbghpINzZmBRa
                                                                                                                                                                                                          MD5:1473A9CCB67526D4010F1B0F9E6B2977
                                                                                                                                                                                                          SHA1:7FE8C168E976200CF1562B8E8991245226B16B9A
                                                                                                                                                                                                          SHA-256:F118FD9D6BA4C36DB3556D1035EFE90E99C00BF879A22ABEBE1DADFDBB3074D7
                                                                                                                                                                                                          SHA-512:3F459A8C9536B615BBD3B8BFEC9970F432CC72BD3287937F9F915FCBE9B2A13FCB4C45946A1722018F89DB505B418957BD513BD32A64580484D4AC7D3896A551
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1311232
                                                                                                                                                                                                          Entropy (8bit):5.897658121795144
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:aHnKY5WcmiyfogSknJbjhrbXBbrxaLsBDJbVQAjXwcasznMbDz43X6dmM:aqY5Wcmi4FJbXdsLsBNRQAjgH
                                                                                                                                                                                                          MD5:C11138204609EA63A3E88B4C8C09B035
                                                                                                                                                                                                          SHA1:B0829124F7E275B0F341C6AF0FDD3DD5F65667A4
                                                                                                                                                                                                          SHA-256:60C16C2FAB14B344B8343778DCD6BBFDEE3DFE5F83D1AC8D2E50C6877419EEE4
                                                                                                                                                                                                          SHA-512:28D9E92498433C1F6EC41893FC17DB76D6CB7A1C565461EB6E67EEBC2B924DD4AA65486C29874CAA9AC5C78F804A8799C7CE1C641DD9F080BF1BF94B58CA208C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1311232
                                                                                                                                                                                                          Entropy (8bit):5.897658121795144
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:aHnKY5WcmiyfogSknJbjhrbXBbrxaLsBDJbVQAjXwcasznMbDz43X6dmM:aqY5Wcmi4FJbXdsLsBNRQAjgH
                                                                                                                                                                                                          MD5:C11138204609EA63A3E88B4C8C09B035
                                                                                                                                                                                                          SHA1:B0829124F7E275B0F341C6AF0FDD3DD5F65667A4
                                                                                                                                                                                                          SHA-256:60C16C2FAB14B344B8343778DCD6BBFDEE3DFE5F83D1AC8D2E50C6877419EEE4
                                                                                                                                                                                                          SHA-512:28D9E92498433C1F6EC41893FC17DB76D6CB7A1C565461EB6E67EEBC2B924DD4AA65486C29874CAA9AC5C78F804A8799C7CE1C641DD9F080BF1BF94B58CA208C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):344528
                                                                                                                                                                                                          Entropy (8bit):5.780306640057818
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:yT/zGgy2HzkCwmkfCl00EiwtHgadXIezwnzx7I91DR9J2:y3GL2HzkCwmkfClHbghpINzZmBRa
                                                                                                                                                                                                          MD5:1473A9CCB67526D4010F1B0F9E6B2977
                                                                                                                                                                                                          SHA1:7FE8C168E976200CF1562B8E8991245226B16B9A
                                                                                                                                                                                                          SHA-256:F118FD9D6BA4C36DB3556D1035EFE90E99C00BF879A22ABEBE1DADFDBB3074D7
                                                                                                                                                                                                          SHA-512:3F459A8C9536B615BBD3B8BFEC9970F432CC72BD3287937F9F915FCBE9B2A13FCB4C45946A1722018F89DB505B418957BD513BD32A64580484D4AC7D3896A551
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):268704
                                                                                                                                                                                                          Entropy (8bit):5.837891086948313
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:0drkqKo/nt7PrwnoK0M6EZgugEkkoSE5O7Z3LLr:6rkm9mP6EZgugEnoSE5OB
                                                                                                                                                                                                          MD5:9A4D1B5154194EA0C42EFEBEB73F318F
                                                                                                                                                                                                          SHA1:220F8AF8B91D3C7B64140CBB5D9337D7ED277EDB
                                                                                                                                                                                                          SHA-256:2F3214F799B0F0A2F3955DBDC64C7E7C0E216F1A09D2C1AD5D0A99921782E363
                                                                                                                                                                                                          SHA-512:6EEF3254FC24079751FC8C38DDA9A8E44840E5A4DF1FF5ADF076E4BE87127075A7FEA59BA7EF9B901AAF10EB64F881FC8FB306C2625140169665DD3991E5C25B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):206232
                                                                                                                                                                                                          Entropy (8bit):6.577803539808585
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:ZyuXZus0fJ34+UZQ5IvR2diworEdVpRmY:nXZgV4dkIJfrEdVt
                                                                                                                                                                                                          MD5:DE625AF5CF4822DB08035CC897F0B9F2
                                                                                                                                                                                                          SHA1:4440B060C1FA070EB5D61EA9AADDA11E4120D325
                                                                                                                                                                                                          SHA-256:3CDB85EE83EF12802EFDFC9314E863D4696BE70530B31E7958C185FC4D6A9B38
                                                                                                                                                                                                          SHA-512:19B22F43441E8BC72507BE850A8154321C20B7351669D15AF726145C0D34805C7DF58F9DC64A29272A4811268308E503E9840F06E51CCDCB33AFD61258339099
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):271256
                                                                                                                                                                                                          Entropy (8bit):6.040002515360521
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:XcxPVJy83/NkY56owwouBQGsyTfkaiX6P0a:XkPV483FB56wsyTfkOJ
                                                                                                                                                                                                          MD5:F9C562B838A3C0620FB6EE46B20B554C
                                                                                                                                                                                                          SHA1:5095F54BE57622730698B5C92C61B124DFB3B944
                                                                                                                                                                                                          SHA-256:E08B035D0A894D8BEA64E67B1ED0BCE27567D417EAAA133E8B231F8A939E581D
                                                                                                                                                                                                          SHA-512:A20BC9A442C698C264FEF82AA743D9F3873227D7D55CB908E282FA1F5DCFF6B40C5B9CA7802576EF2F5A753FD1C534E9BE69464B29AF8EFEC8B019814B875296
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (608), with CRLF line terminators
                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                          Size (bytes):1367308
                                                                                                                                                                                                          Entropy (8bit):5.361755927632556
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:HZVKTahpWpfHEt12o+7DrbB3BMwkYVpyxtswE8DTORD3Uc1j6uMzs:mDrzMwkYVpyPswE8DTORD3R1j6uMzs
                                                                                                                                                                                                          MD5:AF71E7C6ECA09E3FFDEEFE5DAC4A8859
                                                                                                                                                                                                          SHA1:227743E9782976EEB7CBB1766F3A38CF697F8A11
                                                                                                                                                                                                          SHA-256:C29F59630045BE9283744333E423C2A42D2AC114AC646A90B7111879E135A187
                                                                                                                                                                                                          SHA-512:AC8B0C28E3A37999A4D6DBA2904AA0212F3AFA4D94211742B47AB68B963F1C73B9C6ECB59C7405AD9A72CA72165CE2604928B0672C08C62D6FF13CF498434EFF
                                                                                                                                                                                                          Malicious:false
Preview:
[2024-10-13 21:29:54.850] [info ] [entry ] [ 4568: 4176] [DF28B6: 39] Icarus has been started.
[2024-10-13 21:29:54.850] [debug ] [settings_lt] [ 4568: 4176] [2C8384: 190] generic accessor for scheme registry set
[2024-10-13 21:29:54.850] [debug ] [event_rout ] [ 4568: 4176] [6A736D: 49] Registering request fallback handler for event_routing.enumerate_handlers. Description: event_routing_enumerate_handlers_handler
[2024-10-13 21:29:54.850] [debug ] [event_rout ] [ 4568: 4176] [6A736D: 49] Registering request fallback handler for event_routing.enumerate_handlers2. Description: event_routing_enumerate_handlers_handler
[2024-10-13 21:29:54.850] [debug ] [event_rout ] [ 4568: 4176] [6A736D: 49] Registering event handler for app.settings.PropertyChangedValue.
[2024-10-13 21:29:54.850] [debug ] [event_rout ] [ 4568: 4176] [6A736D: 49] Registering event handler for app.settings.PropertyChanged.
[2024-10-13 21:29:54.850] [debug ] [event_rout ] [ 4568: 4176] [6A736D:
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1463), with CRLF line terminators
                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                          Size (bytes):13854
                                                                                                                                                                                                          Entropy (8bit):5.558169139133738
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:t5D+sYuvsY0zFb1dwElsPeMrtfr07rltrsGerwjrglrtddUiqUnk:6sxvd8JqEmmMhfg7ptoGeMj0lJddUiTk
                                                                                                                                                                                                          MD5:BA80D664947B0F5C6719E54A2503DE4C
                                                                                                                                                                                                          SHA1:7F1A70C0839D4EEB776B7585DB9CDE626402B517
                                                                                                                                                                                                          SHA-256:B0B7A59FA22236CEFB6F825AA37DD074D5788AF889F0D4CE1CA1F3FB8D8479B2
                                                                                                                                                                                                          SHA-512:428296DC289BBEFB1ED015E7F3F38CE163C7CFB210FA9334749BD5F16B8A54E378E054E660D7697E4655DD460935CE8024EC38BEF3C0B222187F08AE285955CA
                                                                                                                                                                                                          Malicious:false
Preview:
[2024-10-13 21:29:26.283] [info ] [isfx ] [ 7008: 6832] [A9733A: 183] *** Starting SFX (24.9.8001.0), System(Windows 10 (10.0.19045) x64) ***
[2024-10-13 21:29:26.283] [info ] [isfx ] [ 7008: 6832] [A9733A: 184] launched by:'4216-C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exe'
[2024-10-13 21:29:26.439] [debug ] [device_id ] [ 7008: 6832] [D8D250: 70] Storing the new fingerprint
[2024-10-13 21:29:26.611] [info ] [isfx ] [ 7008: 6832] [B7A7B1: 34] SFX started with command line '/silent /ws /psh:92pTu5hvrwhS3vSPR52DTrx3KxpPc0dhv7aWFTHVhgXZV8V8wzTGpdpeuHMloNuGAy8EUQEYDzh7hQ /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.1b43cf27584cc1f7 /track-guid:aebce588-2047-4838-96b4-2abc3f1c4a20'
[2024-10-13 21:29:26.611] [debug ] [isfx ] [ 7008: 6784] [D8285D: 62] Sending report data: ({"record":[{"event":{"type":25,"subtype":1,"request_id":"2509fbad-d14c-463d-bf00-abdb33ea5990","time":1728859433849
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):278
                                                                                                                                                                                                          Entropy (8bit):3.4584396735456933
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:Q9oPdKwo/e7nwY0ow+lGUlYlUlulnvm4HflKmaGHfltNv:QCFKwh7CaI/VJNKKHNX
                                                                                                                                                                                                          MD5:B8853A8E6228549B5D3AD97752D173D4
                                                                                                                                                                                                          SHA1:CD471A5D57E0946C19A694A6BE8A3959CEF30341
                                                                                                                                                                                                          SHA-256:8E511706C04E382E58153C274138E99A298E87E29E12548D39B7F3D3442878B9
                                                                                                                                                                                                          SHA-512:CF4EDD9EE238C1E621501F91A4C3338EC0CB07CA2C2DF00AA7C44D3DB7C4F3798BC4137C11C15379D0C71FAB1C5C61F19BE32BA3FC39DC242313D0947461A787
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:......[.P.r.o.x.y.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.i.z.a.t.i.o.n.=.0.....A.u.t.o.m.a.t.i.c.E.n.a.b.l.e.d.=.0.....C.o.n.f.i.g.U.r.l.=.....F.a.l.l.b.a.c.k.=.1.....P.o.r.t.=.8.0.8.0.....P.r.o.x.y.N.a.m.e.=.....P.r.o.x.y.T.y.p.e.=.0.....U.s.e.r.N.a.m.e.=.....U.s.e.r.P.a.s.s.=.....
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):212
                                                                                                                                                                                                          Entropy (8bit):5.105136754545317
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:rtR8jDQk2JM0RG0DKhSi1tR8WsOZZVjwOrADGq:ZRTk2JTDFiHRvsOZrjhroZ
                                                                                                                                                                                                          MD5:D8BCD6EAF649E7D86F7673E50876F9A5
                                                                                                                                                                                                          SHA1:9859F4508FB92776752F8FF317F0E9C893CC5FF2
                                                                                                                                                                                                          SHA-256:B0C4ABA4A44318C008888590F5E2431329E09A0362838781338AD23C2555BA21
                                                                                                                                                                                                          SHA-512:E0ED14250E379FF04014A53DB8BE309FE0334CFC22E1F2506652210593B354EE6013A396F947BE165AE3A449FC741CB9D90DCF95E05618BBC4CA848B3B506488
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:[ERR][20241013 18:43:48.552][ProcessUtils.cpp@210]: Failed to get executable filename for process with id 2644. Error 31..[ERR][20241013 18:44:09.691][HttpsDownloadFile.cpp@200]: Unable to open HTTP transaction..
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 13 20:29:30 2024, mtime=Sun Oct 13 20:29:31 2024, atime=Wed Feb 8 15:45:06 2023, length=12807608, window=hide
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):969
                                                                                                                                                                                                          Entropy (8bit):4.5665654868937615
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:8me9hsVRYX0Nh9fEcdpF4AvPKM8bOP28VGLmAjAos94sAtbdpMZLibdpMTkh9mV:8m71RdTPK9qPbVGiUAjihxd2ydmkh9m
                                                                                                                                                                                                          MD5:9BF8F0E086E864F600512B0120934A7D
                                                                                                                                                                                                          SHA1:FC2241A536E7F651BE1AD95075A0776F582816BF
                                                                                                                                                                                                          SHA-256:36E3F362ADCF34FBAE31979141C7D3B4C8567D5BCFA2BC1C5C579468DA52C29A
                                                                                                                                                                                                          SHA-512:06B5AA645EC1E8785FC7FC0410779792B334411194544F1483648B223909A14D21F7F91C4629D5EFFF6E6225A52B0D597F2719B485DC15BD9AF59EBCA5E25672
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 13 20:29:33 2024, mtime=Sun Oct 13 20:29:34 2024, atime=Wed Feb 8 15:45:12 2023, length=16708024, window=hide
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1029
                                                                                                                                                                                                          Entropy (8bit):4.601875135140492
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:8mp+1RdTPK9qcCR2grEAksih7Md5grtdmkhFm:8mp+TdTPjcWLTO7Mdgtdmkb
                                                                                                                                                                                                          MD5:8C6D63FCCD93E977FF6CE7276349BEB2
                                                                                                                                                                                                          SHA1:6C0C94DFBB63B8EB146EDF4B720B87C6C3089514
                                                                                                                                                                                                          SHA-256:12C17304FC0011F43F3E0527DB8CE5EEBCD4A080184D518EE19710D0D9562AFD
                                                                                                                                                                                                          SHA-512:E25F7B122937CD6B8E874BE73E5AA79C5677C84F0C4B0CE3DDABC3C90772FC2B22F3C01F249A098EF3BE653C89ED53768C626F2CC5C354193DCA12ADFDEF106B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 13 20:29:32 2024, mtime=Sun Oct 13 20:29:33 2024, atime=Wed Feb 8 15:45:10 2023, length=16718264, window=hide
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):979
                                                                                                                                                                                                          Entropy (8bit):4.5805140588689675
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:8m03hA1RdTPK9qRm9rsyAlih78d5Kdmkhxm:8mAATdTPjRmKRA78d0dmk3
                                                                                                                                                                                                          MD5:BAAD3E49C7D8108A621249133F0F9812
                                                                                                                                                                                                          SHA1:E4CF290AC7C62D6873C69E6E98B03E2F3BADD574
                                                                                                                                                                                                          SHA-256:EC52A64FE222388CA23AF7EBB8D539E809966C58C69082C19042B895C41CAA2F
                                                                                                                                                                                                          SHA-512:38D22C8DAFFE05791A4ACD00D698D389C130F05EA179AC3C03B36491B5150E3930ED6FF36A3AEAC2BB96E976FF6E8BA5E142DD53DE92D09B854694FA030826FB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 13 20:29:41 2024, mtime=Sun Oct 13 20:29:41 2024, atime=Fri Apr 21 14:00:10 2017, length=306758, window=hide
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):944
                                                                                                                                                                                                          Entropy (8bit):4.536078410430876
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:8mKZYX0Nh9fEcdpF4AvPKM8bOChM8zawjA2v94MMFbdpMwuTbdpMTkh3bFmV:8my1RdTPK9qizdASiBdsPdmkh3bFm
                                                                                                                                                                                                          MD5:35D0A5A39FDF821F8851383CB9D531AE
                                                                                                                                                                                                          SHA1:11E478370253D47FF6BA770443E865F6EF98C1CC
                                                                                                                                                                                                          SHA-256:9EEEB5639888E59BF8E29BDE55B1BCE9EFE69EB7950BF4B92E46B3AE2F2E4289
                                                                                                                                                                                                          SHA-512:5B52AB8B4268476FD06209E3F68B0D313E6EA2977DF6458FACB24E0B9DBBFC7ED7114858269FEFDD7EBBC1B2A74B6EED32DC52022A77D0AD46A1C42635B4844B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 13 20:29:41 2024, mtime=Sun Oct 13 20:29:41 2024, atime=Fri Sep 30 18:38:22 2022, length=3403192, window=hide
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):964
                                                                                                                                                                                                          Entropy (8bit):4.600873188639427
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:8mrihi1RdTPK9qHevKA+i0pdeKdmkhxm:8mriITdTPjOgdldmkX
                                                                                                                                                                                                          MD5:9E2E3054E9856F0F85718D50AB387F01
                                                                                                                                                                                                          SHA1:C67C6032847213528F57F8CBD0F248C6ED872DB4
                                                                                                                                                                                                          SHA-256:C5FD0410B510BFDFFB29D8AA497D519F62BD2459C299296C5CBD3B744DAE988D
                                                                                                                                                                                                          SHA-512:509E90E078C6F2F4B84610B13D8FF579C1F778D4DC043184E273AFD7C610BBB83A78FCC4A3622BFAAB024950BA96CE3ED600CA4F79A3361D41C1A611245C6E52
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):665
                                                                                                                                                                                                          Entropy (8bit):2.989929398381464
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:4xtCl0Xw0Ml//A9LY/dlrtelX8SKA89NTNAm6tibdlrMAe8mAm6ebdlrMAe8w:8wl0g0kXXdpUfKfBNAsbdpMJAibdpMV
                                                                                                                                                                                                          MD5:9CECB30EE563CEF0187E17C153C87AD2
                                                                                                                                                                                                          SHA1:35A124D70C992855C8AABAFD25A99520D2CE5BE6
                                                                                                                                                                                                          SHA-256:BF93799CD75A79868A1B5834D55644500110270F77529512824E2F9F1F605C06
                                                                                                                                                                                                          SHA-512:23ECD43901FED7827AAB04B4A4C55D0FEFD2EB39DA29A32EC0D031D9F116C61ABC3199CA38D949A44F3EF6DF774F071C0B2349B57413F92704D7C6031421B52D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 13 20:29:30 2024, mtime=Sun Oct 13 20:29:30 2024, atime=Fri Sep 30 18:37:02 2022, length=399264, window=hide
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):949
                                                                                                                                                                                                          Entropy (8bit):4.536072209279165
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:8mZbpfm3NA1RdTPK9qyK9VXVQA3iWdidmkh1m:8mZbYWTdTPjys1ldidmkb
                                                                                                                                                                                                          MD5:5C612765827DBC37E1C865AEDA82C5F3
                                                                                                                                                                                                          SHA1:39BB34AEF6F18078A8F3E8946AB0E1DEB0DF480F
                                                                                                                                                                                                          SHA-256:B07AF6FD474A7B4DEA2EFCA76B15BD6B4F296709FF343F587FBD78E848D1F480
                                                                                                                                                                                                          SHA-512:B0BB461FD3D982F57A8A654E27605E2EA7224E72961E333D01E13AB47B6F48A4A1E79EB274F4832E1FF41E25698575B387146DABEB44165B749F2B1DF440147B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:L..................F.... ............,.......CV..................................P.O. .:i.....+00.../C:\.....................1.....MY....PROGRA~1..t......O.IMY......B...............J......b..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....l.1.....MY....CHEATE~1.5..R......MY..MY.............................4..C.h.e.a.t. .E.n.g.i.n.e. .7...5.....n.2.....>U.. .CHEATE~1.EXE..R......MY..MY......_.........................C.h.e.a.t. .E.n.g.i.n.e...e.x.e.......a...............-.......`....................C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe..A.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5.\.C.h.e.a.t. .E.n.g.i.n.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5.`.......X.......609290...........hT..CrF.f4... .".E._c...,...E...hT..CrF.f4... .".E._c...,...E..E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 13 20:29:39 2024, mtime=Sun Oct 13 20:29:39 2024, atime=Wed Jan 25 17:19:40 2023, length=242616, window=hide
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):995
                                                                                                                                                                                                          Entropy (8bit):4.553125600466978
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:8mw4HYX0Nh9fEcdpF4AvPKM8bOylM8RHG8OeAjAv94/FbdpMcmbdpMTkhVmV:8mwC1RdTPK9qyDxOhAvi/pdZCdmkhVm
                                                                                                                                                                                                          MD5:968611843F7D31A94AC5AB92E195C1E9
                                                                                                                                                                                                          SHA1:2ED43EB63C08E1EE1D5533C933D91B4A45A260BB
                                                                                                                                                                                                          SHA-256:29FAA239C9578BBC0DA266E5A90CBE78E8A10E4CC478F8EA6FF76913214B099E
                                                                                                                                                                                                          SHA-512:0825CC55D33EE2DF0887AA5CE959C29D8F1CE4EBAEFA61642C5660B7F1C69049E5D7ACDA2DA7BF72813A6CF087944AF37283FD716124CDDA4C28706A3258A332
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:L..................F.... .....q......O..........0...............................P.O. .:i.....+00.../C:\.....................1.....MY....PROGRA~1..t......O.IMY......B...............J......b..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....l.1.....MY....CHEATE~1.5..R......MY..MY.............................4..C.h.e.a.t. .E.n.g.i.n.e. .7...5.....~.2.....9Vt. .KERNEL~1.EXE..b......MY..MY......G.........................K.e.r.n.e.l.m.o.d.u.l.e.u.n.l.o.a.d.e.r...e.x.e.......i...............-.......h....................C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe..L.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5.\.K.e.r.n.e.l.m.o.d.u.l.e.u.n.l.o.a.d.e.r...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5.`.......X.......609290...........hT..CrF.f4... .;.E._c...,...E...hT..CrF.f4... .;.E._c...,...E..E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):822
                                                                                                                                                                                                          Entropy (8bit):3.3455528192085535
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:8Ql0M0m/3BVSXz5dlsW+fy9+B0bdpM6iNL4t2YZ/elFlSJm:8AJ/Bql+fW+GdK5qy
                                                                                                                                                                                                          MD5:043CCC4692426220B9446A0EC57866AD
                                                                                                                                                                                                          SHA1:CAA088A5E8C3C54FD5E6FA619D881FDC72FF42D9
                                                                                                                                                                                                          SHA-256:40CDBB79FD47554E716C2BD47A48BA4401F0C93BF73AFC6F4F21EB891DAC8D92
                                                                                                                                                                                                          SHA-512:388E78F675605282E8471CABFA0390AC74979446EB04E7F7F552F7AB3C6911FC59141933CD46F2DE136E68056D6751C647FF4C8559502ED60B9F1586F6F710F5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:L..................F........................................................A....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....b.2...........notepad.exe.H............................................n.o.t.e.p.a.d...e.x.e.............\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.n.o.t.e.p.a.d...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.+.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5.\.c.e.l.u.a...t.x.t.........%...............wN....]N.D...Q..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 13 20:29:39 2024, mtime=Sun Oct 13 20:29:39 2024, atime=Fri Feb 3 03:35:32 2023, length=309664, window=hide
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):939
                                                                                                                                                                                                          Entropy (8bit):4.542630893640431
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:8mjj5ZcBRYX0Nh9fEcdpF4AvPKM8bOt56lg8RHSbtYjAt94SaDebdpM3bdpMTkhi:8mjjKB1RdTPK9qtk4yAtib6dEdmkhRm
                                                                                                                                                                                                          MD5:9EA4DE02598D9A38A2252B99D6DE36CF
                                                                                                                                                                                                          SHA1:9C923C7971E23370185016665E5EDF50571410D5
                                                                                                                                                                                                          SHA-256:43C64BE586FD6A7464315BF4B9081FFC8BAF6710203F83D9B4D20082B0A8D00F
                                                                                                                                                                                                          SHA-512:EC63067923EB949E0E0B56189E02FF96DA61D8D2186A30597D4BF5B5719AF797C0490DE703DCDA16D62F8F31507A8C5FDAA46B49AF62EDEC297BECB8970FCF8F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:L..................F.... .....i.......i.......;.7...............................P.O. .:i.....+00.../C:\.....................1.....MY....PROGRA~1..t......O.IMY......B...............J......b..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....l.1.....MY....CHEATE~1.5..R......MY..MY.............................4..C.h.e.a.t. .E.n.g.i.n.e. .7...5.....j.2.....CVp$ .CEREGR~1.EXE..N......MY..MY......C.........................c.e.r.e.g.r.e.s.e.t...e.x.e......._...............-.......^....................C:\Program Files\Cheat Engine 7.5\ceregreset.exe..?.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5.\.c.e.r.e.g.r.e.s.e.t...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5.`.......X.......609290...........hT..CrF.f4... .=.E._c...,...E...hT..CrF.f4... .=.E._c...,...E..E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 13 20:29:30 2024, mtime=Sun Oct 13 20:29:30 2024, atime=Sun Oct 13 20:29:26 2024, length=3223968, window=hide
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):929
                                                                                                                                                                                                          Entropy (8bit):4.573216470791859
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:8mQ6PYX0Nh9fEcdpF4AvPKM8bOW8VfEoAjAr94ZkbdpMUwbdpMTkh9mV:8mQ81RdTPK9q7VsoUAriedjEdmkh9m
                                                                                                                                                                                                          MD5:4D35BF1796B480F40F8D64D380485DE3
                                                                                                                                                                                                          SHA1:F8B94BF91F84B4B89BCD9DC9A40C922A664B98B6
                                                                                                                                                                                                          SHA-256:D2FD7E6F1CB5F353B95BC970CDB548C9EFAA4236CA58E498333E424DE8F03435
                                                                                                                                                                                                          SHA-512:AB232CD32BD85442BB93B5997BB31597B04BA82B904074A7EA3FB5A360DE9472BFB948DAB28802F086F7948A91C9B98851370DF092D03DB3A163536C8C311EF5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:L..................F.... ...^/...............].......11..........................P.O. .:i.....+00.../C:\.....................1.....MY....PROGRA~1..t......O.IMY......B...............J......b..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....l.1.....MY....CHEATE~1.5..R......MY..MY.............................4..C.h.e.a.t. .E.n.g.i.n.e. .7...5.....f.2..11.MY.. .unins000.exe..J......MY..MY......S.....................4...u.n.i.n.s.0.0.0...e.x.e.......]...............-.......\....................C:\Program Files\Cheat Engine 7.5\unins000.exe..=.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5.\.u.n.i.n.s.0.0.0...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5.`.......X.......609290...........hT..CrF.f4... .G.E._c...,...E...hT..CrF.f4... .G.E._c...,...E..E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                          File Type:Certificate, Version=3
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1398
                                                                                                                                                                                                          Entropy (8bit):7.676048742462893
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:ujsZPSIPSUcnA3/46giyfV4Hxk7P3Gus6acCQ4CXmW5mOgs:ujul2nQ4XfVkk7P3g6dB42mVs
                                                                                                                                                                                                          MD5:E94FB54871208C00DF70F708AC47085B
                                                                                                                                                                                                          SHA1:4EFC31460C619ECAE59C1BCE2C008036D94C84B8
                                                                                                                                                                                                          SHA-256:7B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF86
                                                                                                                                                                                                          SHA-512:2E15B76E16264ABB9F5EF417752A1CBB75F29C11F96AC7D73793172BD0864DB65F2D2B7BE0F16BBBE686068F0C368815525F1E39DB5A0D6CA3AB18BE6923B898
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):264
                                                                                                                                                                                                          Entropy (8bit):3.0950154779210126
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:kKr4sWFkYGhipWhliK8al0GQcmqe3KQjMIXIXL/:ksYkYGIWzyZ3qe3KQjxXIT
                                                                                                                                                                                                          MD5:05D1D0F1B8B9712035A3F356CD511761
                                                                                                                                                                                                          SHA1:C73AC03D4586486A7E5039AECF806375D04B2F16
                                                                                                                                                                                                          SHA-256:65E42643962E3D86DC435F31F4C265371411F801F8977438B9F99EF40AFEDC0A
                                                                                                                                                                                                          SHA-512:8F345A5146667793A12D5E159EEF190337C48FCA068A6BD68D598C809B7EB348ED9D9BC0C23DC473EB077C7735F4276A3E46A3E0F64717B91C5A2B24881D5F9B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:p...... ....v...........(....................................................... ...............(.............v...h.t.t.p.:././.s.e.c.u.r.e...g.l.o.b.a.l.s.i.g.n...c.o.m./.c.a.c.e.r.t./.c.o.d.e.s.i.g.n.i.n.g.r.o.o.t.r.4.5...c.r.t...".6.2.f.a.4.8.4.5.-.5.7.6."...
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1128
                                                                                                                                                                                                          Entropy (8bit):3.872152210236558
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:V98uCcoOP8es2WYysZtI6gEYFVIZyy2aQ9q/0Klsm2iSoWRdn:V98uBofd2WYyF6gzF27QE8KlaiELn
                                                                                                                                                                                                          MD5:8ADE3E4D01DA0B499AE14EF4D2693D7A
                                                                                                                                                                                                          SHA1:BF7D9858E6FFA4AE86F769D60FECE86AD84CD595
                                                                                                                                                                                                          SHA-256:49400A55D2A4F880A6DC454197FA928BD7EB98F39537E7ADC2C607A4C50CEEFE
                                                                                                                                                                                                          SHA-512:C4F98DDB102A7E7B6FF46870850C943B6B6057B524DC8C8A8F04336884821DFCF41F5B6AA4B48D7085B8B4ACA823C002E93E533EA2876B1AD63BCFCAC0C04155
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3008008, page size 1024, file counter 1, database pages 10, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                                          Entropy (8bit):1.6211119274023298
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:ri4sWLMSpHJCSHBv52qolhdQZSRmAH/0UkEvWTtSDGsWLMSpHJCSHBv52qolhdQU:3s6pHj55XQp8UkEESSs6pHj55XQZ
                                                                                                                                                                                                          MD5:551F7A35DEC7A2436EFA7181DF0F5DB4
                                                                                                                                                                                                          SHA1:38EEA293AB5906FEAD7DF8351863FD75171F864E
                                                                                                                                                                                                          SHA-256:9F5C71448B5A562560E138BA873E4D827DA45C83745E570FD40DF43D4BEC56D6
                                                                                                                                                                                                          SHA-512:CE47D79874F71FED3B9930717A8BD2B827DCD6F8CD1D1DE7E1B913D69C9DFC050B6314538A0AEF88A3F89ADC78CE1E5C55A8661395E1AF373DE34C296093271F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:SQLite format 3......@ .........................................................................-....................._....................................................................................................................................................................................../...C...indexsqlite_autoindex_elements_1elements.[...!!...indexnamelookupstructures.CREATE INDEX namelookup on structures(moduleid, tablename).F...!!..Wtablestructuresstructures.CREATE TABLE structures(moduleid INTEGER NOT NULL, typeid INTEGER NOT NULL, tablename varchar(255) NOT NULL, length INTEGER NOT NULL, PRIMARY KEY (moduleid, typeid))3...G!..indexsqlite_autoindex_structures_1structures.P...++.Ytablesqlite_sequencesqlite_sequence.CREATE TABLE sqlite_sequence(name,seq).>.......Stablemodulesmodules.CREATE TABLE modules(moduleid INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, modulename varchar(255) NOT NULL, timestamp int NOT NULL, UNIQUE (modulename, timestamp))-...A...indexsqlite_autoind
                                                                                                                                                                                                          Process:C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
                                                                                                                                                                                                          File Type:SQLite Rollback Journal
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.28499812076190567
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:7FEG2l/PHsL/Plxll:7+/l/PML/
                                                                                                                                                                                                          MD5:99F06474BA83AD8FB260E1B1AFACED5B
                                                                                                                                                                                                          SHA1:7CCB4BC54895D50289BDA29D01D95C3770428EF2
                                                                                                                                                                                                          SHA-256:F89CF323F35B37A5A1B28E4008FB9FF842ED15BCE4D8B43411F07AC8BE58C4AF
                                                                                                                                                                                                          SHA-512:2587873C6AB2F46973EEF111131B8371DF6F22E4FAC24C8E2A01FFD34DFE92DED124A04DA0F2B61BEBFBCD032D1C047D7BB53ADC3B1A8258CA436A54A4B3D97D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):30
                                                                                                                                                                                                          Entropy (8bit):3.8280729963885096
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:XlhDM8FGQEmB:vDHUmB
                                                                                                                                                                                                          MD5:826273A91309B13197041791BA18034C
                                                                                                                                                                                                          SHA1:C1D7C61766E2CC7C8F4FC156C0F002017EB73721
                                                                                                                                                                                                          SHA-256:4876AAF849BBFBE676C85E6F9A2D842C5EC7D2BC6078302956101030F155A7EE
                                                                                                                                                                                                          SHA-512:835A3F71D485E690A13945F3D5EB71FB507B07EB18E0288548569C953AB2EB59211696FFA87CE8A7481DF929B3277DEA1FBD0495FE771994B1D2F3E4869FB9DD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:....This file can be recreated
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):64
                                                                                                                                                                                                          Entropy (8bit):2.859069531114783
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:jllnlUS27P4udl/X9HNlRYosZ:jXB2X9cl
                                                                                                                                                                                                          MD5:E4D62AC86200C59B5AED6BF183AA67B1
                                                                                                                                                                                                          SHA1:FE1BA5CF9E63F6266EF68879C236AF79891D4B24
                                                                                                                                                                                                          SHA-256:C0793D62EBE028CEF63485BC46D2B378BEDD8E7D72A8E9ABCFE5223DD1486D7A
                                                                                                                                                                                                          SHA-512:66A0D81DBC93D62B831D76DE2ED786CA9A2B50D5DE324F1CFC02A2A7B62D1287A7C196E7F40142B81389A62A3C6890E2DD77A11D997C58318F574B8A75CED24D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:5.3.5.7.B.9.7.D.E.4.8.0.1.F.1.2.B.A.3.5.5.8.2.B.8.2.4.7.9.D.A.F.
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):72
                                                                                                                                                                                                          Entropy (8bit):2.8194150635161037
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:3lyElzlIlpUAlAU5iTbdWXlWn:3dlzlIl2AAU551Wn
                                                                                                                                                                                                          MD5:0BC8B7E0AAD24D0E6B75E409F318EC3D
                                                                                                                                                                                                          SHA1:55935DDC2E4A525836FBB7B598946F207D443D9C
                                                                                                                                                                                                          SHA-256:2449BBCCB798E036C7BFD5DC3A8C32C30A1C24D028245B28D5993745AB8305B8
                                                                                                                                                                                                          SHA-512:BB4121F153E435D7E85D30C5F2CC3D7B55A23E5BEB45493B751C43DAE1BC21137705C5A8D95673479BC2D606C71B11D64D7688679A4C22CB93CD51A1EF51AF05
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:0.9.b.a.c.a.3.5.-.6.b.c.4.-.4.c.6.1.-.a.e.b.6.-.3.4.d.c.3.3.b.2.f.4.3.f.
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3025312
                                                                                                                                                                                                          Entropy (8bit):6.402393103402349
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:5LJwSihjOb6GLb4SKEs3DyOMC2DlUt0+yO3A32ASNTvu1:vwSi0b67zeCzt0+yO3kSU
                                                                                                                                                                                                          MD5:2C94C19646786C4EE5283B02FD8CE5A5
                                                                                                                                                                                                          SHA1:BF3DD30300126BA9B51C343D64DA2D8EDA23EBEA
                                                                                                                                                                                                          SHA-256:9BE09875AA698A85C446FB80E075087D6C0A543A493A7F033F3015FE2F0680D5
                                                                                                                                                                                                          SHA-512:7C3D5E740340042E34F25047A29ADD080E89027DB2D49775AAD529ECB8E13BFB83F73ADB3B2999E129A27D85C9B0021E3BF3E110AC93CDF6C6393D121A0F7D4E
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...p.._.................$,.........P6,......@,...@.................................../...@......@....................-......`-.49....-...............-..+....................................-......................i-.......-......................text...P.+.......+................. ..`.itext..t(....,..*....+............. ..`.data.......@,......(,.............@....bss.....x....,..........................idata..49...`-..:....,.............@....didata.......-.......,.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc.........-.......-.............@..@......................-.............@..@........................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3223968
                                                                                                                                                                                                          Entropy (8bit):6.338087367720092
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:vdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjT333TYfx:0HDYsqiPRhINnq95FoHVBT333T+
                                                                                                                                                                                                          MD5:9AA2ACD4C96F8BA03BB6C3EA806D806F
                                                                                                                                                                                                          SHA1:9752F38CC51314BFD6D9ACB9FB773E90F8EA0E15
                                                                                                                                                                                                          SHA-256:1B81562FDAEAA1BC22CBAA15C92BAB90A12080519916CFA30C843796021153BB
                                                                                                                                                                                                          SHA-512:B0A00082C1E37EFBFC2058887DB60DABF6E9606713045F53DB450F16EBAE0296ABFD73A025FFA6A8F2DCB730C69DD407F7889037182CE46C68367F54F4B1DC8D
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...oGXb.................B,.........`V,......`,...@...........................1......u1...@......@....................-.......-..9....................0..k....................................-.......................-.......-......................text.....,.......,................. ..`.itext...(...0,..*....,............. ..`.data........`,......F,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-...... -.............@..@.rsrc................"-.............@..@..............1.......0.............@..@........................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):53151
                                                                                                                                                                                                          Entropy (8bit):7.982330941208071
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:GcHlp3vMusTtWEgKqx8zHom+GChNPDViFKWUyG:Ggz3kTNgKq66VcFKW9G
                                                                                                                                                                                                          MD5:AEE8E80B35DCB3CF2A5733BA99231560
                                                                                                                                                                                                          SHA1:7BCF9FEB3094B7D79D080597B56A18DA5144CA7B
                                                                                                                                                                                                          SHA-256:35BBD8F390865173D65BA2F38320A04755541A0783E9F825FDB9862F80D97AA9
                                                                                                                                                                                                          SHA-512:DCD84221571BF809107F7AEAF94BAB2F494EA0431B9DADB97FEED63074322D1CF0446DBD52429A70186D3ECD631FB409102AFCF7E11713E9C1041CAACDB8B976
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):47501
                                                                                                                                                                                                          Entropy (8bit):7.9807583617034075
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:ymnQh4I8TZIyg23yWlcrF+Dx3hmI7IFrVVzEUxeeizfxEO7Ncc1qB:ymnQCHRg23yQWFyx57IFRVrseizfGEOx
                                                                                                                                                                                                          MD5:1CD4A2B4A992ACC9235D9FACD510E236
                                                                                                                                                                                                          SHA1:A6F6331879CC8CF0A6F091CC3C66EA95D1425A57
                                                                                                                                                                                                          SHA-256:57F2E86B2C8D9C695073CBAED29C674EF748734460A33ED04AC6888B69288B1F
                                                                                                                                                                                                          SHA-512:AE2C4AE9E3B46C252D6BB5A9654AB25431D7239D10EF78889452E9292A8B46283AF4319749A7233D08D836B8799CF7A5C0E5AA715A4D7836E4B83167B20F6595
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):27406384
                                                                                                                                                                                                          Entropy (8bit):7.993410954401878
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:786432:37YPcmlabhBx9CrdUxTvngF7oUNUQWQu7pquEKLR:rGTabv+CVYhoLXQ8BR
                                                                                                                                                                                                          MD5:E0F666FE4FF537FB8587CCD215E41E5F
                                                                                                                                                                                                          SHA1:D283F9B56C1E36B70A74772F7CA927708D1BE76F
                                                                                                                                                                                                          SHA-256:F88B0E5A32A395AB9996452D461820679E55C19952EFFE991DEE8FEDEA1968AF
                                                                                                                                                                                                          SHA-512:7F6CABD79CA7CDACC20BE8F3324BA1FDAAFF57CB9933693253E595BFC5AF2CB7510AA00522A466666993DA26DDC7DF4096850A310D7CFF44B2807DE4E1179D1A
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):48743
                                                                                                                                                                                                          Entropy (8bit):7.952703392311964
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:RtwR1Dy4rQznr1GYfvLn6froelhVNSyCPtSOeVlTTqYueg:zwR1DybhPwhvSyClSOk/geg
                                                                                                                                                                                                          MD5:4CFFF8DC30D353CD3D215FD3A5DBAC24
                                                                                                                                                                                                          SHA1:0F4F73F0DDDC75F3506E026EF53C45C6FAFBC87E
                                                                                                                                                                                                          SHA-256:0C430E56D69435D8AB31CBB5916A73A47D11EF65B37D289EE7D11130ADF25856
                                                                                                                                                                                                          SHA-512:9D616F19C2496BE6E89B855C41BEFC0235E3CE949D2B2AE7719C823F10BE7FE0809BDDFD93E28735B36271083DD802AE349B3AB7B60179B269D4A18C6CEF4139
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6144
                                                                                                                                                                                                          Entropy (8bit):4.720366600008286
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                          MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                          SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                          SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                          SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:PNG image data, 768 x 768, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):255196
                                                                                                                                                                                                          Entropy (8bit):7.96973939556344
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:SpgUGHaX5IfwHkEe6PgHV90nLp8M8yv0zXqtveJsGfr5:SpghMe6IDop8Mjv0Yv+sGD5
                                                                                                                                                                                                          MD5:2C5238DA8AAF78FB2722F82435B59EB0
                                                                                                                                                                                                          SHA1:8AB4DBABEFD458CEBCD47C2CB144D79804303954
                                                                                                                                                                                                          SHA-256:1AEE87904EAAC431C564438807BDBD8FB34290831E7B3C0A502FDF1EF8EAA6A1
                                                                                                                                                                                                          SHA-512:EE71A321042F1DFC9660CE84337AB68C50EA40A2B97A0CA7313C433F2DB39769B17039E628B5EA60E3D4FF87DCB3401D98E4670EE82C88920996A641DEA7EFFA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:PNG image data, 768 x 768, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):254279
                                                                                                                                                                                                          Entropy (8bit):7.968301085693523
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:1QdvglrmnluatdNn508GtXT3YoTkT1ZLw9p2Hpsx/F:2dvglo/nX67HW1ZL8EJ2/F
                                                                                                                                                                                                          MD5:B24E872BD8F92295273197602AAC8352
                                                                                                                                                                                                          SHA1:2A9B0EBE62E21E9993AA5BFAAADE14D2DDA3B291
                                                                                                                                                                                                          SHA-256:41031EFC4F7E322DC5FFACC94B9296FB28B9B922B1CE3B3DA13BF659A5FD2985
                                                                                                                                                                                                          SHA-512:F08AC681ABC4E0F6D7A1D1F2303169004E67C880F9353C0ED11DFAB3EB511DDF841FA056F4090DA8201C822C66AE55419C48CD87F11B9866FEB46A3FE2C2AF99
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):125405
                                                                                                                                                                                                          Entropy (8bit):7.996684823256823
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:3072:U7Uc8cJ1YuWatSIyY6NCW23L2XEYL02BmusGPCeoDhL8oLvoLH:WJ1zWuSNYJWCGEK9BmPCkhfL4
                                                                                                                                                                                                          MD5:56B0D3E1B154AE65682C167D25EC94A6
                                                                                                                                                                                                          SHA1:44439842B756C6FF14DF658BEFCCB7A294A8EA88
                                                                                                                                                                                                          SHA-256:434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE
                                                                                                                                                                                                          SHA-512:6F7211546C6360D4BE8C3BB38F1E5B1B4A136AA1E15EC5AE57C9670215680B27FF336C4947BD6D736115FA4DEDEA10AACF558B6988196F583B324B50D4ECA172
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):48743
                                                                                                                                                                                                          Entropy (8bit):7.952703392311964
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:RtwR1Dy4rQznr1GYfvLn6froelhVNSyCPtSOeVlTTqYueg:zwR1DybhPwhvSyClSOk/geg
                                                                                                                                                                                                          MD5:4CFFF8DC30D353CD3D215FD3A5DBAC24
                                                                                                                                                                                                          SHA1:0F4F73F0DDDC75F3506E026EF53C45C6FAFBC87E
                                                                                                                                                                                                          SHA-256:0C430E56D69435D8AB31CBB5916A73A47D11EF65B37D289EE7D11130ADF25856
                                                                                                                                                                                                          SHA-512:9D616F19C2496BE6E89B855C41BEFC0235E3CE949D2B2AE7719C823F10BE7FE0809BDDFD93E28735B36271083DD802AE349B3AB7B60179B269D4A18C6CEF4139
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):53151
                                                                                                                                                                                                          Entropy (8bit):7.982330941208071
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:GcHlp3vMusTtWEgKqx8zHom+GChNPDViFKWUyG:Ggz3kTNgKq66VcFKW9G
                                                                                                                                                                                                          MD5:AEE8E80B35DCB3CF2A5733BA99231560
                                                                                                                                                                                                          SHA1:7BCF9FEB3094B7D79D080597B56A18DA5144CA7B
                                                                                                                                                                                                          SHA-256:35BBD8F390865173D65BA2F38320A04755541A0783E9F825FDB9862F80D97AA9
                                                                                                                                                                                                          SHA-512:DCD84221571BF809107F7AEAF94BAB2F494EA0431B9DADB97FEED63074322D1CF0446DBD52429A70186D3ECD631FB409102AFCF7E11713E9C1041CAACDB8B976
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):47501
                                                                                                                                                                                                          Entropy (8bit):7.9807583617034075
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:ymnQh4I8TZIyg23yWlcrF+Dx3hmI7IFrVVzEUxeeizfxEO7Ncc1qB:ymnQCHRg23yQWFyx57IFRVrseizfGEOx
                                                                                                                                                                                                          MD5:1CD4A2B4A992ACC9235D9FACD510E236
                                                                                                                                                                                                          SHA1:A6F6331879CC8CF0A6F091CC3C66EA95D1425A57
                                                                                                                                                                                                          SHA-256:57F2E86B2C8D9C695073CBAED29C674EF748734460A33ED04AC6888B69288B1F
                                                                                                                                                                                                          SHA-512:AE2C4AE9E3B46C252D6BB5A9654AB25431D7239D10EF78889452E9292A8B46283AF4319749A7233D08D836B8799CF7A5C0E5AA715A4D7836E4B83167B20F6595
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):527389
                                                                                                                                                                                                          Entropy (8bit):7.995975187354872
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                                                          MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                                                          SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                                                          SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                                                          SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5627506
                                                                                                                                                                                                          Entropy (8bit):7.999949928735462
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:98304:17QO8oAkidb1l/NN3J58UTHPkAbWD56mv9Pb:17Q6A33P8AckWDogJb
                                                                                                                                                                                                          MD5:C0EB1D6C28DAD5E8C4C84EDE4284A15A
                                                                                                                                                                                                          SHA1:6E7F65E911B9FAB22509F4FCBA000DB0D171A5F3
                                                                                                                                                                                                          SHA-256:93BDE5F9A327F6148A48EA1E937D17BCD2A585486CB3D3EA4D69DCAC0F638CBB
                                                                                                                                                                                                          SHA-512:E09BE287D71C1D6B84E69EB0234B3D94A6BB64041DDFFAB09B0F9E1F861B0CF4FD82E19C7D36463722C783976A0E992ACA571A10A0BF9EAB6EF80306637A6640
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:PNG image data, 768 x 768, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):254078
                                                                                                                                                                                                          Entropy (8bit):7.968268860206608
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:d9rAhuSnngAZK0u2vGWTbQ8VreGWVQx1RiiHs0dfo5yk5BRFOYfKa5ubF3/hlKHV:U/HJGWPQ2wV01RPQ5FoBJc+uHtjdhd3
                                                                                                                                                                                                          MD5:9CC8A637A7DE5C9C101A3047C7FBBB33
                                                                                                                                                                                                          SHA1:5E7B92E7ED3CA15D31A48EBE0297539368FFF15C
                                                                                                                                                                                                          SHA-256:8C5C80BBC6B0FDB367EAB1253517D8B156C85545A2D37D1EE4B78F3041D9B5DB
                                                                                                                                                                                                          SHA-512:CF60556817DBA2D7A39B72018F619B0DBEA36FB227526943046B67D1AE501A96C838D6D5E3DA64618592AC1E2FA14D4440BAA91618AA66256F99EA2100A427B4
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):527389
                                                                                                                                                                                                          Entropy (8bit):7.995975187354872
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                                                          MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                                                          SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                                                          SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                                                          SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):25583888
                                                                                                                                                                                                          Entropy (8bit):7.991553814165531
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:393216:Nd8MM+oA8smlLC8Ao9/q0DNUs8lUYXuPGhZBJsbfQ/fRtSjBul:NdEZlsmlWcxqgmbuuhZCQRtStul
                                                                                                                                                                                                          MD5:46C50DC50D9BE92829B9D6FD4678C11D
                                                                                                                                                                                                          SHA1:3C0B0493B9E6269A1A00C48720C7FD97C04DDD4F
                                                                                                                                                                                                          SHA-256:D9C15D4A7E2B1A320154A5C61AF012242E3408A5C5519CBB4E93A7843692CF50
                                                                                                                                                                                                          SHA-512:340FDBC7618E86EF4178142AA9012AB9317869B85AC148FCD31C0C2FFF007114EACCBF60EE829BE99890D36B7D5E1A78C4617E40A538735A8B01002D4D5E41E9
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1184128
                                                                                                                                                                                                          Entropy (8bit):6.623147525519113
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:WF66IUpqM/XAl0drYaL6NFEXXN6abiklqOYadJ0CbmpV4CsCa0wDisO4qG:k/M0drYaIaXXOAqOYadJ0Cbmrhq0wTb5
                                                                                                                                                                                                          MD5:143255618462A577DE27286A272584E1
                                                                                                                                                                                                          SHA1:EFC032A6822BC57BCD0C9662A6A062BE45F11ACB
                                                                                                                                                                                                          SHA-256:F5AA950381FBCEA7D730AA794974CA9E3310384A95D6CF4D015FBDBD9797B3E4
                                                                                                                                                                                                          SHA-512:C0A084D5C0B645E6A6479B234FA73C405F56310119DD7C8B061334544C47622FDD5139DB9781B339BB3D3E17AC59FDDB7D7860834ECFE8AAD6D2AE8C869E1CB9
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):125405
                                                                                                                                                                                                          Entropy (8bit):7.996684823256823
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:3072:U7Uc8cJ1YuWatSIyY6NCW23L2XEYL02BmusGPCeoDhL8oLvoLH:WJ1zWuSNYJWCGEK9BmPCkhfL4
                                                                                                                                                                                                          MD5:56B0D3E1B154AE65682C167D25EC94A6
                                                                                                                                                                                                          SHA1:44439842B756C6FF14DF658BEFCCB7A294A8EA88
                                                                                                                                                                                                          SHA-256:434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE
                                                                                                                                                                                                          SHA-512:6F7211546C6360D4BE8C3BB38F1E5B1B4A136AA1E15EC5AE57C9670215680B27FF336C4947BD6D736115FA4DEDEA10AACF558B6988196F583B324B50D4ECA172
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Preview:Zip entry name: avg_antivirus_free_setup.exe
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):234936
                                                                                                                                                                                                          Entropy (8bit):6.580764795165994
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:y2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCoKOhh3K0Ko:y0KgGwHqwOOELha+sm2D2+UhngNdK4d
                                                                                                                                                                                                          MD5:26816AF65F2A3F1C61FB44C682510C97
                                                                                                                                                                                                          SHA1:6CA3FE45B3CCD41B25D02179B6529FAEDEF7884A
                                                                                                                                                                                                          SHA-256:2025C8C2ACC5537366E84809CB112589DDC9E16630A81C301D24C887E2D25F45
                                                                                                                                                                                                          SHA-512:2426E54F598E3A4A6D2242AB668CE593D8947F5DDB36ADED7356BE99134CBC2F37323E1D36DB95703A629EF712FAB65F1285D9F9433B1E1AF0123FD1773D0384
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5627506
                                                                                                                                                                                                          Entropy (8bit):7.999949928735462
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:98304:17QO8oAkidb1l/NN3J58UTHPkAbWD56mv9Pb:17Q6A33P8AckWDogJb
                                                                                                                                                                                                          MD5:C0EB1D6C28DAD5E8C4C84EDE4284A15A
                                                                                                                                                                                                          SHA1:6E7F65E911B9FAB22509F4FCBA000DB0D171A5F3
                                                                                                                                                                                                          SHA-256:93BDE5F9A327F6148A48EA1E937D17BCD2A585486CB3D3EA4D69DCAC0F638CBB
                                                                                                                                                                                                          SHA-512:E09BE287D71C1D6B84E69EB0234B3D94A6BB64041DDFFAB09B0F9E1F861B0CF4FD82E19C7D36463722C783976A0E992ACA571A10A0BF9EAB6EF80306637A6640
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Preview:Zip entry name: norton_secure_browser_setup.exe
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5727368
                                                                                                                                                                                                          Entropy (8bit):7.987929042344586
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:98304:BiykuiGAGbjNHbd5lbDK4pdfAstezXYCvzV:BiyKGBZhKEmyezIUR
                                                                                                                                                                                                          MD5:F269C5140CBC0E376CC7354A801DDD16
                                                                                                                                                                                                          SHA1:BBCEEF9812A3E09D8952E2FE493F156E613837B2
                                                                                                                                                                                                          SHA-256:5AE1ACF84F0A59FA3F54284B066E90C8432071ACE514ACCB6303261D92C6A910
                                                                                                                                                                                                          SHA-512:BA271257C0DBFBFD63685449A5FA5EA876B31C4F1898F85AA1BE807F1E31846D12F2162F715FC320FB014D31C15501EA71FE73B3C981E201BFA1A448FF54745C
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2060288
                                                                                                                                                                                                          Entropy (8bit):6.611521905910169
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:a4yxp/wFOn9xRo3HVCEi2ynjsPAXkp4K0x8BFuchaFotKLIk:aJTwo93o3UEi2ynjs4Up4KI8BFucME
                                                                                                                                                                                                          MD5:3037E3D5409FB6A697F12ADDB01BA99B
                                                                                                                                                                                                          SHA1:5D80D1C9811BDF8A6CE8751061E21F4AF532F036
                                                                                                                                                                                                          SHA-256:A860BD74595430802F4E2E7AD8FD1D31D3DA3B0C9FAF17AD4641035181A5CE9E
                                                                                                                                                                                                          SHA-512:80A78A5D18AFC83BA96264638820D9EED3DAE9C7FC596312AC56F7E0BA97976647F27BD86EA586524B16176280BD26DAED64A3D126C3454A191B0ADC2BC4E35D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6144
                                                                                                                                                                                                          Entropy (8bit):4.720366600008286
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                          MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                          SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                          SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                          SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):26848
                                                                                                                                                                                                          Entropy (8bit):6.652871453473559
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:qflzhxZBcukmxQN2NMBMLh2ES+9DlJshjJy0swiEVAM+o/8E9VF0Ny29:8lvcu7x7uB2R9pih1y06EVAMxkE
                                                                                                                                                                                                          MD5:39B6A146E9DAAE870A394530B5723E96
                                                                                                                                                                                                          SHA1:2E62DBE3A1BD65BFA245E38021F8BAEB24EA3291
                                                                                                                                                                                                          SHA-256:2A3C3830996953E592FDC67B1F4B4F3B4194F5CA28929E577297A72A58C84A84
                                                                                                                                                                                                          SHA-512:5C27896FAC5B37A0856379323EDA80F52154F1335DA86A966E62E28366D613687C193B6A8E37DF9C6285B1AD8137D9F4F01A550D02E74A5C4847310FAB482354
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):155648
                                                                                                                                                                                                          Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                          MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                          SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                          SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                          SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5242880
                                                                                                                                                                                                          Entropy (8bit):0.03862698848467049
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:58rJQaXoMXp0VW9FxWHxAserRNbekZ3DmVxL1HI:58r54w0VW3xWmfRFj381
                                                                                                                                                                                                          MD5:507BA3B63F5856A191688A30D7E2A93A
                                                                                                                                                                                                          SHA1:1B799649D965FF1562753A9EB9B04AC83E5D7C57
                                                                                                                                                                                                          SHA-256:10A34BE61CD43716879A320800A262D0397EA3A8596711BDAE3789B08CB38EF8
                                                                                                                                                                                                          SHA-512:7750584100A725964CAE3A95EC15116CDFE02DE94EFE545AA84933D6002C767F6D6AF9D339F257ED80BDAD233DBF3A1041AB98AB4BF8B6427B5958C66DCEB55F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2160856
                                                                                                                                                                                                          Entropy (8bit):6.779350356047654
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:SdpuUEAFwL9cgRCbajymTn920aBa7deTlfRXAF3bHQpobMAjY5kH:SdpucFwL9zymTn920aBa7deJfRgbHQu1
                                                                                                                                                                                                          MD5:916F3D54B2714E4129A786CE128DBE0B
                                                                                                                                                                                                          SHA1:B2914CADC19CD87F1FA005D9216F6AD437FE73AD
                                                                                                                                                                                                          SHA-256:9B2FB069FAD6A9422808C1526328A1D6305573BE9EBCC3AEAB7A38664D02AC6D
                                                                                                                                                                                                          SHA-512:8C05F71E55D6B5F1DD797DEE852183BDBD7D7EB8D36B760C5C7413BC79D5F2C8300C41AC3DEB76F2AA497D8C86434F04F3A7DD17EA65D0E44CA5FB8E59F62416
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):129760
                                                                                                                                                                                                          Entropy (8bit):6.686100620416484
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:wACUTz1JlJmpGB6yK4H9l4o8rr4YlixbSrZKbazG+k:wACUTz1JlopG5K4OZgeC9
                                                                                                                                                                                                          MD5:18198BAE7294424D3607F776F5EF7B0F
                                                                                                                                                                                                          SHA1:5EBC82D4C91ED2736F98AED57EB8578F0F225C33
                                                                                                                                                                                                          SHA-256:6078F5FDCC332F617773AAE89AC3DB0888A0360A32BB6D9431D716471D1C480F
                                                                                                                                                                                                          SHA-512:507D625C0643165B12A2C0EA01765445AD632136DA0A40B14EC36B0E1794D3ECE43CE482B5E4C9281565AE3BF226C60FBA5A25C085430EC5F1D17B7563CAA4A8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1910576
                                                                                                                                                                                                          Entropy (8bit):7.58137479903026
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:hbGcPcWSOwiGJ+aKznZOqbU3tFKU+9wOKXd9AVjrr:xGGcWSYGJ+94iU3tIU+qOs
                                                                                                                                                                                                          MD5:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                                          SHA1:EBD3E4A1A58B03BFD217296D170C969098EB2736
                                                                                                                                                                                                          SHA-256:2A97CB822D69290DF39EBAA2F195512871150F0F8AFF7783FEA0B1E578BBB0BA
                                                                                                                                                                                                          SHA-512:1B204322ACA2A66AEDF4BE9B2000A9C1EB063806E3648DBAB3AF8E42C93CA0C35E37A627802CD14272273F3F2E9BC55847DFA49FC6E8FFB58F39683E2446E942
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):200416
                                                                                                                                                                                                          Entropy (8bit):6.688698057656482
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:sRXOjZpSOAPrzjyfvwyYUDBftoJiEqNuozAsWFFowXV8xBY90JZx4INb54UVuH7d:OOdpSOGvWjbLtBwF8TJL4IxVuH7xlh
                                                                                                                                                                                                          MD5:F2AAC54C495BD4566228E5CC2CBBFE97
                                                                                                                                                                                                          SHA1:3DBFCA2AB60C17B1A0FCF3E6B8EE7AD18173FED7
                                                                                                                                                                                                          SHA-256:22AE097B02F02A7C2151B113DD5756965D3857A148DF19C745D4DA2A4887B292
                                                                                                                                                                                                          SHA-512:FEFFFD62B4735D7AF459A771FFB73AF8AB0BE8CD08C1BA6B009D28CF9F97AD138976F628AE28600CCA0FF10B7FFFA63B94E34EF4328623A28F8088F028597BFA
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):38112
                                                                                                                                                                                                          Entropy (8bit):6.31022202046075
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:sEE9m7Lbg4nqAYYDqAvELv5TGjgy06EqAMxkE:sEJnbpnBDBED5TjxIx
                                                                                                                                                                                                          MD5:5FDB8BD2FE89ED7B03F2DBE64D5F51EC
                                                                                                                                                                                                          SHA1:355AF194C6C003ADD61808F7D65C104C3B221AC5
                                                                                                                                                                                                          SHA-256:4A926AAD3FD97366E164E92CC0D37F76E6ED348757F72EDA499C3DE19671BCE3
                                                                                                                                                                                                          SHA-512:FA177B5710E2479C59E7E0A6047D69C09D565905105D08F983840B0E77209DB0B8DF6646FE9827997619015888B536F7CC0B1654F6AAD383B2A571C4694274E1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):130784
                                                                                                                                                                                                          Entropy (8bit):6.313676957875236
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:33Zk9fOAewM0+W8NVH28fB948igEWo8P+fidx:33qNOApM1G8fBpidWZ
                                                                                                                                                                                                          MD5:4A98ACC5AD0E701E3289231FDB253A5D
                                                                                                                                                                                                          SHA1:A8E7452658EA0777CF838FEE2ABEC806B147E832
                                                                                                                                                                                                          SHA-256:E9B0AF410098EFA3848CCCA171C6933C70FF06B241F3806FD3816EAB5757BEB6
                                                                                                                                                                                                          SHA-512:1213061966D9858467CEEA746EEE2A00CA381CC693457E347D58BEF7996DAD4F5EE7412FCC2A4E48F96256445D966141F2BCA993132FCE4402142A57114D8AB3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):25816
                                                                                                                                                                                                          Entropy (8bit):6.714415723163507
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:Ej42b45gg3PClGaGU8D1sNy06EdAMxkE6:Ej42bggA6bg1yx1xW
                                                                                                                                                                                                          MD5:E149A8BCD017059151E37881A442ECBE
                                                                                                                                                                                                          SHA1:53AFEE6CC4B8098BE98B199D6B2148B0B48D247A
                                                                                                                                                                                                          SHA-256:2AA66C5745BBF99412C735C601B9592DCE1EF6C888D76EC0FD817D580EB0CB07
                                                                                                                                                                                                          SHA-512:8F8340678C78F2BA1C4D18F6A108B97F0516A32EF379735C7DAC5B23595B809DEC3FCA87551B107E33637B56107540293166729325BC6EF131C0F968278A61C2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):37600
                                                                                                                                                                                                          Entropy (8bit):6.707926977853279
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:K1vTYFHvlhqjbm8oEHB6hC+/3P4LA27bRpqy06EHAMxkEk:K1bYPHqu7EUhL27bT8xnxw
                                                                                                                                                                                                          MD5:52B19EAA9500F892FD83F8012D705701
                                                                                                                                                                                                          SHA1:FB06D3004A4AC2C937E878A0AC3285ECE4E305FE
                                                                                                                                                                                                          SHA-256:081F0B9830921894DF2D8920AF6D7069C8F2298622AFC954731A58C4E2423391
                                                                                                                                                                                                          SHA-512:82632417A41D9F593C62B8E850E824749BABCF3480C5663767477097B27C680A72CAECBCB7C9F88061FA2C998A99FB3DAFB5A5796CAB464DF4E945FA93D267B6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):26840
                                                                                                                                                                                                          Entropy (8bit):6.837130188655359
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:NimyF0m1ZSB69hT0JLbQjCPR28t5zKIBPUJy0swiEv9AM+o/8E9VF0NyTP2:Nil2EOPQATrRBcy06Ev9AMxkE92
                                                                                                                                                                                                          MD5:B951C5DE3420EA1B7FC980DE0F16A606
                                                                                                                                                                                                          SHA1:47729AD26FBDDEE96DD5D29E161852CEA5B94A25
                                                                                                                                                                                                          SHA-256:7CD1263FAE809FF7BD3F359008661314C9D35C1F6062AF9C81C3130F562BC2AE
                                                                                                                                                                                                          SHA-512:D3C5D890A550B884C81A5C2A2A19E25E7A6BAEA9E2C13AD5A8D5B624D21FF5865253354D1AE60F7CA1D088AC2035EB4D4585A9AF16C549AF89DC0D7FFCF2CB74
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):763
                                                                                                                                                                                                          Entropy (8bit):4.746670276394788
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:YiKwpqL1sjhSG2qwpHgZaJzoSpeBrwTSJ0GddZaExdcuevifHZAIDO1:YiKwkHgI5o5Bu6BdKEXe6vZ1De
                                                                                                                                                                                                          MD5:14D6EE1A2E17F33864A709B9CB102BB4
                                                                                                                                                                                                          SHA1:6AD39B7185C89C1CC8FD150B32432C11D2C6B835
                                                                                                                                                                                                          SHA-256:59C74B8F4278444D9E61695E552203F03AF5D066A7F7CF7B83122BEF4E97935A
                                                                                                                                                                                                          SHA-512:7DF8A8F9BEE5AFAADCE8B39F9E5DC5F55C8BE3A55C63A78D79C8BFE4932F024741DC9FFA93E5F3B34081E2E53651A8572FCD68CDC1B72E86196ADEA45C468992
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:{"av_extensions_native":"lhnnoklckomcfdlknmjaenoodlpfdclc,dmfdacibleoapmpfdgonigdfinmekhgp","campaign_group_id":"2911","campaign_id":"29239","country_code":"US","register_install":1,"remote_disable":"0","request_uuid":"8c027da899224a02a21678e6389239d8","search_provider":"yahoo.com","search_provider_google_client_id":"NULL","setting_enable_bankmode":1,"setting_force_default_win10":"1","setting_heartbeat_install":1,"setting_import_cookies":"1","setting_import_settings":"2","setting_install_background":"0","setting_launch_install":"1","setting_launch_logon":"1","setting_popular_shortcuts_v2":"0","setting_shortcut_desktop":"1","setting_shortcut_startmenu":"1","setting_shortcut_taskbar":"1","update_retries":2,"utc_date":"20241013","utc_timestamp":1728854976}
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6398680
                                                                                                                                                                                                          Entropy (8bit):6.757721296323737
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:98304:yTvkQ/nTstrpzpNBcSrMVudcoCL+34a5eB2atknfQJlH7ixiu1aqrqNCwL9BlK5p:yTvkTLVTAudcoJheBnknfFrqNVMu
                                                                                                                                                                                                          MD5:269EDAF14B5B99A0869A5480DEC9D9D2
                                                                                                                                                                                                          SHA1:B9F8CE759CADA0874EA2181751E05899658E34BC
                                                                                                                                                                                                          SHA-256:9752FAB0F93CF571407A4954ED46C0D5F5B1A858BEBD551231D2D21C707BEF70
                                                                                                                                                                                                          SHA-512:682AE7AE6B4A03DC0EE447E35DA73EF0CFC488984047FD6551D89634382A10F18F84A84B9868484CF1586AEF35634C00F5D3CA083954954127DC59992C33E2DD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h..............|~..............|......Rich............PE..L...3I.e...........!.........xa...............................................a.......a...@.......................................... ..8ta.........Hza..(..............T............................................................................rdata..............................@..@.rsrc...8ta.. ...va.................@..@....3I.e........_...T...T.......3I.e........................3I.e........T...........RSDS..i....E../'.K......D:\work\d58bb94b48143cdc\Contrib\build\out\x86\MinSizeRel\sciterui.pdb..............................T....rdata..T........rdata$zzzdbg.... ..P....rsrc$01....P!...ra..rsrc$02................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):95968
                                                                                                                                                                                                          Entropy (8bit):6.540971049765208
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:uqNkPugFq0hRqcS+rYS0wreCmbsWmXKcdCbAKPz7VPxzxm:uqN0u8q0hRqhcelwXLyAKPz79W
                                                                                                                                                                                                          MD5:5D1F1A9575A20E6273D3F1553378DA7C
                                                                                                                                                                                                          SHA1:97E28C80F8C4DED7F91198B677A02491158F85EE
                                                                                                                                                                                                          SHA-256:DD9B241E2F8CDC6C9A098AF68EC462850EBBC4391ED57967B37A4CCBC0100A27
                                                                                                                                                                                                          SHA-512:14BD97CBD1328010E9D613EE1CEC13A9C7008F7C26739C5B054B77D6BF2A41FE8B73FD6D9438228DAE70632838AF898AF26B5A0A73A1387E8E4F5FB7A3CD8AC5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........f......................................................,.......,......,.......................................Rich............PE..L....d._...........!.................g...............................................c....@......................... >..|....?......................HN...(......`....6..T...........................(7..@...............t............................text............................... ..`.rdata...g.......h..................@..@.data....2...P.......0..............@....rsrc................8..............@..@.reloc..`............<..............@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):18749398
                                                                                                                                                                                                          Entropy (8bit):5.540150296150122
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:196608:pP8TvkTLVTAudcoJheBnknfFrqNVMuEdpucFwL9z2a7deJfRc6cWljaF9IU+Js:zXBAudcoJ59rqNVMy2G6TS9I1J
                                                                                                                                                                                                          MD5:78904B99D2C9AC6CA1B032CDEDED3816
                                                                                                                                                                                                          SHA1:18E5A79B33D5A47536CFC21DE500949530B5A060
                                                                                                                                                                                                          SHA-256:4043AF6E29B8C64380A471B6D4F74462421925DC3501FF26C1A629B3753B091C
                                                                                                                                                                                                          SHA-512:0F35D1C96E672CEC9F8479F65616B061A07A52FC9333C4457CDE80EE67C133D871D38636EB7ED39931D6E6050A540767B74F957D0016220D213797EA92980BB6
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):700
                                                                                                                                                                                                          Entropy (8bit):4.727166525039482
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:YWLSHkawuhTpOPWJn9wuhzVuPWJe9zwuhkPWJECwuhD7PWJGwuhzPWGk+c94GniX:YWLSHk/DOJeQVuOJe9cnOJAs7OJ7oOGn
                                                                                                                                                                                                          MD5:359CCE9C2DF62868BF4096E887993CB7
                                                                                                                                                                                                          SHA1:F3683EE9E7ED5CFC3570D9AAF769EEF6F4FA3A95
                                                                                                                                                                                                          SHA-256:FCD6CEBFE6E9D8BDDF1C4B09771D7D849F2FDC105F991337E45D6AA82F33B627
                                                                                                                                                                                                          SHA-512:A5E99FA8AA18E6A7CEB7CFB0C99DC99B606567AD1DDC3BF5AB81D18502F513A9D96D264552F81508317778216B4A4360D87E96AFF302CC7F7FE1DF92C59A6737
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:{"version":9,"engines":[{"id":"google@search.mozilla.orgdefault","_name":"Google","_isAppProvided":true,"_metaData":{}},{"id":"amazondotcom@search.mozilla.orgdefault","_name":"Amazon.com","_isAppProvided":true,"_metaData":{}},{"id":"wikipedia@search.mozilla.orgdefault","_name":"Wikipedia (en)","_isAppProvided":true,"_metaData":{}},{"id":"bing@search.mozilla.orgdefault","_name":"Bing","_isAppProvided":true,"_metaData":{}},{"id":"ddg@search.mozilla.orgdefault","_name":"DuckDuckGo","_isAppProvided":true,"_metaData":{}}],"metaData":{"useSavedOrder":false,"locale":"en-US","region":"default","channel":"release","experiment":"","distroID":"","appDefaultEngineId":"google@search.mozilla.orgdefault"}}
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 13 20:29:30 2024, mtime=Sun Oct 13 20:29:42 2024, atime=Fri Sep 30 18:37:02 2022, length=399264, window=hide
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):931
                                                                                                                                                                                                          Entropy (8bit):4.565456909631168
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:8mZbdNA1RdTPK9qyK9VXVQA3ijdidmkh1m:8mZbETdTPjys1Ididmkb
                                                                                                                                                                                                          MD5:46DEF9C5BF484BEFD1CBEA65BF3AC5AE
                                                                                                                                                                                                          SHA1:971570A991E486FD6DFAC87C7E268D8B1534AABD
                                                                                                                                                                                                          SHA-256:6D26BA7E5BBA954FC86CC5DC82AAB6BDD64B6895B253006BC7150D5DDFCA2619
                                                                                                                                                                                                          SHA-512:DF5D6816A53523B1EBA47A977BE8B3BA29B916D52B9DC7BC3AC624CB9580A521E94CF3B746F0A4D372F8BBD6FC04EA82E9C0EE1325833DA82D5C3E277F927409
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:L..................F.... ............#{......CV..................................P.O. .:i.....+00.../C:\.....................1.....MY....PROGRA~1..t......O.IMY......B...............J......b..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....l.1.....MY....CHEATE~1.5..R......MY..MY.............................4..C.h.e.a.t. .E.n.g.i.n.e. .7...5.....n.2.....>U.. .CHEATE~1.EXE..R......MY..MY......_.........................C.h.e.a.t. .E.n.g.i.n.e...e.x.e.......a...............-.......`....................C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe..8.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5.\.C.h.e.a.t. .E.n.g.i.n.e...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.h.e.a.t. .E.n.g.i.n.e. .7...5.`.......X.......609290...........hT..CrF.f4... .".E._c...,...E...hT..CrF.f4... .".E._c...,...E..E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):3.710330368678027
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                                          MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                                          SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                                          SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                                          SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):3.710330368678027
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                                          MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                                          SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                                          SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                                          SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1629
                                                                                                                                                                                                          Entropy (8bit):5.662786263662916
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:MEV9KJnuEyYGoYD8SFoeUl8In8MV9aXuqguEVltWJcXhV9oRXVM:MpGyw2e/I8GMEPgFk
                                                                                                                                                                                                          MD5:D0B95F3186DCFF8A22BD7E8779AB0FAC
                                                                                                                                                                                                          SHA1:19D5C1B7F7790F858936EBA497CDC7941F9F4881
                                                                                                                                                                                                          SHA-256:869BA4A7E5979BFD959EE77A1B8F12DE619E9DB8A1F6154F8C55D4861F8F1A73
                                                                                                                                                                                                          SHA-512:55464DEA577EA3D19681E655EA3DD79DF8D6ECE333B120188EA072D00CC0C2C50DB74D12DB964A64AED78C5C2FAD8B02582C0A308B6D37F5EC0FC512D858FC5F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:...@IXOS.@.....@..MY.@.....@.....@.....@.....@.....@......&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..Norton Update Helper..NortonBrowserUpdateHelper.msi.@.....@q....@.....@........&.{F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}.....@.....@.....@.....@.......@.....@.....@.......@......Norton Update Helper......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{717B7059-A988-492F-AF1B-DCF70BE809AB}-.02:\SOFTWARE\Norton\Browser\Update\MsiStubRun.@.......@.....@.....@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]...@.....@.....@.3..$..@......SOFTWARE\Norton\Browser\Update...@....%...MsiStubRun..#0....RegisterProduct..Registering product..[1]......Please insert the disk: ..required.cab.@.....@......C:\Windows\Installer\47b85a.msi.........@....H...C:\Windows\Installer\47b85a.msi&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..&.{95
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                          Entropy (8bit):1.1713549499843812
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:JSbX72FjMlAGiLIlHVRpIh/7777777777777777777777777vDHFiqjBER9JTrlN:JmlQI5w0OB49YF
                                                                                                                                                                                                          MD5:D7AE29434440A87D93427CC59990D754
                                                                                                                                                                                                          SHA1:32D89B884EBC0A64887B4368A5E46B83C17272F9
                                                                                                                                                                                                          SHA-256:8BC35347DE9BAAC6ED4FB880B1B54F770B11C2323396662126B0C19C41E2DBA1
                                                                                                                                                                                                          SHA-512:5C3B96C83AD9B0C90FE4951F32C2D0237D29D429091EE1D01309428E622576A5AAEBA0F9D670BD42C9A6FF7579FD714F250A322AC6789BA73B985C9172DD61FB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                          Entropy (8bit):1.4549069462350444
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:Z8PhNuRc06WX4UnT5Qda7rDS7qdpCSIN8lgk:UhN1knTxHD4k
                                                                                                                                                                                                          MD5:CB94174582345DD87BC0B4D76DF19D2D
                                                                                                                                                                                                          SHA1:7A5D44B4EE5405B56634B60176BC1140C9AB6CEF
                                                                                                                                                                                                          SHA-256:7BBF72E2C10F9AE50384F18D7888039F373260F0EB6D604786A1F543058F3D36
                                                                                                                                                                                                          SHA-512:C9E0D7BA52B188698C719D202D525D14C95E0A7467598CB1DE5526C77948F6D83859C6731313789752C8AB08E5297998C3B3CF834A2FED522DB112BEB6EBE1BB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):360001
                                                                                                                                                                                                          Entropy (8bit):5.362963904786931
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauC:zTtbmkExhMJCIpEH
                                                                                                                                                                                                          MD5:C2D21E9D7E4B23C5B2EFD78A0D6A53DA
                                                                                                                                                                                                          SHA1:B16C4B03F35B8A983146ADBCD8DDF07D2ED2A09C
                                                                                                                                                                                                          SHA-256:E45CB5B57273EDAFD002438A5F5E6CB66249744A411F8B84388203301609EF43
                                                                                                                                                                                                          SHA-512:358AFCA83996ECC47E57727C59E214D7F78B36D6FAD510B4C57DB9C5410C815251E0CC7D7DFE362E0CD8DD8B51C2F202BA7EF2FA955B4297191270CF4B6B90FE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5857608
                                                                                                                                                                                                          Entropy (8bit):6.512826474361067
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:98304:hQaHegpcW/vQXw+Z4RBe3xtrlU5JU5OgtR/7I/o:hQaH3QsneLrlU5JU5OgtR/7
                                                                                                                                                                                                          MD5:0A10C85A6F8D84B7A8123F2B7A233B49
                                                                                                                                                                                                          SHA1:5B2540B05F3F2712D2002EF8DABBEEDE2E581CC2
                                                                                                                                                                                                          SHA-256:7DCB3284D637FB01ACA0AA743BAB8AB85DE550C34E1BD91BE164D415C4DFB461
                                                                                                                                                                                                          SHA-512:E1AE5587795651FC4950325A112E38D895B7C1282D3C1196565A4CFDF2F65D0974C0F4FDD64226F682098142FBB34AF19C8E41BFE9020AA76246913B04092668
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$...................X......X...U.......................................A.......I...................A......X......X............................}.................Rich....................PE..d.....f.........."....&..<....................@.............................0Z......tY...`......................................... .N.......N.h.....Y.......V.....H6Y..+....Y..p....F.......................F.(.....F.@.............=..............................text...\.<.......<................. ..`.rdata........=.......<.............@..@.data........N.......N.............@....pdata........V.......U.............@..@_RDATA........Y.......X.............@..@.rsrc.........Y.......X.............@..@.reloc...p....Y..r....X.............@..B........................................................................................................................
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):549
                                                                                                                                                                                                          Entropy (8bit):5.443032726347192
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:2AcW1OPqygANI+xzYN/qb0a3Uk7oMQuROfzZM5KWPoGJ7Ulk:rVAJI+dsqNUk8MQuALqw4ck
                                                                                                                                                                                                          MD5:3E9C87EF79AEC6EF3AF203B32B003198
                                                                                                                                                                                                          SHA1:82D9DBECBB20FF8160439D9F7D8B87466BCDFBEF
                                                                                                                                                                                                          SHA-256:E3E8CBE0A09239F7C977BFC7D283C32E1A8DACD5FADC2F6643724E4E68CB8489
                                                                                                                                                                                                          SHA-512:88E65718A1D7B538C14822CBFE1EEA21DD8C102C9B3C0C4B6DFF719EC0F74E3C5C5B83B630F4C8506049B1E793EC2A1F4AED279BC44F904CA8355A0E1C4BFDC5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:[ui.offer.actions]..url=https://ipm.avcdn.net/..[ui.offer.welcome]..loadtimer=10000..url=https://ipm.avcdn.net/..[reporting]..disable_checkforupdates=1..report_action_ids=RID_001,RID_002..[common]..config-def-url=https://shepherd.avcdn.net/..report-url=https://analytics.avcdn.net/v4/receive/json/25..[ui]..enable_survey=1..[updating]..conceal_hours=1..fraction=100.0..updatable=1..[Signature]..Signature=ASWSig2A0839A62016BD5ADC618C81BD649502F9846A4D7C56363532F6617DE20034C5FB42DDCB5BE37254EFE49170A8C56892BA45C951678781E3138DF47450818061C8ASWSig2A
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3515720
                                                                                                                                                                                                          Entropy (8bit):6.52433263379008
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:0Klnv2mSZSGmeIqF/F5nY3yaTi2HBbvY8q+p7i8tZ8lArtYtPtXJ+q1cTiyKJ+jX:04nnw1athpWkE4o
                                                                                                                                                                                                          MD5:B45C1F4D2DECF7B2F453157EE51B30FE
                                                                                                                                                                                                          SHA1:5776E4A828E836D3D902F4D2378003BAC99FD764
                                                                                                                                                                                                          SHA-256:EC6AB4F0E8DE9DE8A8C3073BABA01C0BDC941F0B50742C666B121E4CE9E356C4
                                                                                                                                                                                                          SHA-512:90801BBFA9AC8FEA2B7CF4D57EC5958C9FD40022E878DE40C050F14092F51D258E88B3B71D72A8639DF2C380B92B86C4A9CC142F416CEB15992A4858B8EDC4AB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$...........Ij..Ij..Ij.....Bj......j.....Uj..O.c.Jj..O..[j..O..]j..O..=j..@...Kj.....Hj..Ij..Nj......Jj.....Pj.....@j..Ij..k..#..j..#..Hj..#.a.Hj..Ij..Kj..#..Hj..RichIj..................PE..d.....f.........."....&.T ....................@.............................P6.....T.5...`...........................................+.....d.+.......4..Y....2.....Hz5..+....5.8V....&.......................&.(...p.".@............p .p.....+.@....................text....S ......T ................. ..`.rdata..>....p ......X .............@..@.data...p.... ,..4....,.............@....pdata........2......62.............@..@.didat..P....p4.......3.............@..._RDATA........4.......3.............@..@.rsrc....Y....4..Z....3.............@..@.reloc..8V....5..X..."5.............@..B................................................................................................
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8207176
                                                                                                                                                                                                          Entropy (8bit):6.452332377747259
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:196608:HPGafAP4fKA7MTWknT0AufKJKXWu1MTHlFk:vG8AP4fKAoTWknT0AufKJKXWu1MTFu
                                                                                                                                                                                                          MD5:B178E9C05511563BDF3A5097D9116197
                                                                                                                                                                                                          SHA1:8372B74199C9D2B49C79F2DF61A6734248051A8F
                                                                                                                                                                                                          SHA-256:BA37D3942A9C593900B99A86C846013422428366DC42DC3BCA944A6A0FD0A598
                                                                                                                                                                                                          SHA-512:15FE06D23A7E1F58E7B7F9038E269B146F7C183A51C7F1C9593DD9E4B1D414748997F1E21FF286383FDDC16D9DEFC5A0908E570C21E7F9E02382709456502631
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$.......0...ti..ti..ti.....i..r...xi..r...gi..r...fi..r....i.....di.....Ri......vi......|i..}.u.vi.."...ni......i.....wi..ti..yi.."...pi.....ui.....Qi..ti...k......~k......ui......ui..tiq.vi......ui..Richti..................PE..d...L..f.........."....&.&W..H&.......0........@............................. ~.......}...`...........................................n.......n.......|.......x..g..H.}..+....}....(*d......................,d.(...`a[.@............@W.....@.n......................text....$W......&W................. ..`.rdata..:....@W......*W.............@..@.data...`....0o.......o.............@....pdata...g....x..h....x.............@..@.didat..p....`|.......{.............@..._RDATA.......p|.......{.............@..@.rsrc.........|.......{.............@..@.reloc.......}.......|.............@..B................................................................
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):877384
                                                                                                                                                                                                          Entropy (8bit):6.588315273201005
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:iFq11j5oI+GqrFgLFkCc0wyBsrTaiJ+fNxNc8pph0lhSMXlipRojKPp+7:iFqxIrFgLdi4NIOh0lhSMXlGal7
                                                                                                                                                                                                          MD5:24F0F24A5F2BC395C7E0A9FC0D3E36E1
                                                                                                                                                                                                          SHA1:FE30D197FA02509C398DD3889EA29CA9E2C3C8ED
                                                                                                                                                                                                          SHA-256:5330BB949B6E9EA2A051EEC0DFB8ED2647705A0F6DABFD1834B9AFADD53BD782
                                                                                                                                                                                                          SHA-512:90F423080470B9EBB7E4547CA297FF7D47AB2FFD535D2FC1A6741B38844AF42E53AD932BC908007F52F6AF8EBAF917A4598FEC1B097542300A69D78E98248C8F
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 877384
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):325694
                                                                                                                                                                                                          Entropy (8bit):7.999386609731591
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:6144:k0g4sUkokacUJ5ndSyMkurE9Q//fEjdHapIqOW/uxvM:Vg4LkokaVPdBpuIm//9bOcf
                                                                                                                                                                                                          MD5:464C4BB3D42B8F59BE8A0DE67B42D773
                                                                                                                                                                                                          SHA1:F6E18241BD6E9E0D39D8130BD412D00C89163077
                                                                                                                                                                                                          SHA-256:61DE14971A64E484BF11D629B51464C8A73347D0D16041CDA8CCC27472608FC0
                                                                                                                                                                                                          SHA-512:4AAA315955529E5BA0992EBEC6557BBB7156D851AAA1CA740DA306AE585F89401489BF33C4A4331B774C88B868AE9B318C7A98D49A9637455ADD7E65E5A587B9
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):50976
                                                                                                                                                                                                          Entropy (8bit):6.695978421209108
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:6fMVFuX7Y1C7X+oAiZ8uMX07F9Kx24Zza:WMVFsSC7+K8ua0qm
                                                                                                                                                                                                          MD5:97F5D0CAAA1988C95BF38385D2CF260E
                                                                                                                                                                                                          SHA1:255099F6E976837A0C3EB43A57599789A6330E85
                                                                                                                                                                                                          SHA-256:73EE549578DED906711189EDCEF0EEDBC9DB7CCBD30CF7776BD1F7DD9E034339
                                                                                                                                                                                                          SHA-512:AD099C25868C12246ED3D4EE54CEF4DF49D5276A5696CA72EFA64869367E262A57C8FF1FB947AD2F70CAEF1D618849DBAB2EC6161C25758D9F96733A7534B18F
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 50976
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):26032
                                                                                                                                                                                                          Entropy (8bit):7.993020359748391
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:768:dXkqelTjZK0JgHW7tbzdiH2P6AdRo7+lmAo:dEfJJZtwH2PJbuUo
                                                                                                                                                                                                          MD5:84B41B6779CD161AA144FCB14B5DB7AE
                                                                                                                                                                                                          SHA1:374A045376685DD0E662C8A52DA1B117E719B4F8
                                                                                                                                                                                                          SHA-256:57B66C4F8F7DD6B808EACE56846ECCEA4B8CC09568B7DBABC0E59ADD50D739C9
                                                                                                                                                                                                          SHA-512:9D501EBB4335ECE860F1806EDFF4C85652962B8B01534C8FAD3904E56AB8058135D7835BDA170CE2D65C392EF39350FF7C0CBDEBC336E3B68136992E634B6B80
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):59456
                                                                                                                                                                                                          Entropy (8bit):5.137313540035899
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:vOt4htHPgPSOKOYIZccKOmDPn2dbz11Qs7bgeDb+dyADAmUXfhno31vyFFT3vvW9:4PvgRT
                                                                                                                                                                                                          MD5:1C9C29ADA17095A3B5648271E492D2DF
                                                                                                                                                                                                          SHA1:9A263933D122C788B31C852400F99B6079E088E8
                                                                                                                                                                                                          SHA-256:8F14AB0585DF7475C08574F9A2D53804210948612ACE65DBF12AA6D7A2F3C406
                                                                                                                                                                                                          SHA-512:504B6D96F7A245C37C8CDE333B862BF4C86272C8B43EE47F8B0FB86A3B4C3F213CAFEE4644F829F2C5A0234FB1F996ECAF93334367DBE9FEA69F46BBFA6A2FAE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" ?>.<product name="avg-av-vps">..<product-defs>...<config>....<install-folder name="AvVps"/>....<full-name name="AVG Antivirus Vps"/>...</config>..</product-defs>..<group-defs>...<group name="base" mandatory-selected="true">....<action-list op="install">.....<delete-pending-files/>.....<commit-extracted-files>......<important>true</important>.....</commit-extracted-files>.....<expand-vps-version order-base="commit-extracted-files" order="+1">......<important>true</important>.....</expand-vps-version>.....<copy-path order-base="set-property" order="-2">......<post-condition>.......<directory path="%PRODUCT_INST[avg-av]%" exists="true"/>......</post-condition>......<src>%PRODUCT_INST%\*</src>......<dest>%PRODUCT_INST[avg-av]%\defs\%VPS_VERSION%</dest>......<ignore-same-files>true</ignore-same-files>......<move-type>Immediately</move-type>.....</copy-path>.....<copy-path order-base="set-property" order="-2">......<post-condition>.......<directory path="%PRODUCT_INST[avg
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 59456
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):13333
                                                                                                                                                                                                          Entropy (8bit):7.98619467588483
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:FCMZmYYxF9mOlnmoPF5XKjLeeOGGi541dcV:FCMZmYYxFFl9j6CetVV
                                                                                                                                                                                                          MD5:3FEC82F562587AE2EF76D0952D4FF0E1
                                                                                                                                                                                                          SHA1:7D95DDA2CAE1944D6924971A3ACAE52A6F1819B2
                                                                                                                                                                                                          SHA-256:6D377AD0BCA2A94387A08D7A03EC80DF8A1B93DFB72601B1293133A541F9AB72
                                                                                                                                                                                                          SHA-512:143F05F6D3A5E30A50EEE6116C4D7C4825246FA40CE80C62DB84A19C1FC63FDE817604F509C1678DD8C0F33E90AA66382562635CD45AE505694E671582AF199D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5931
                                                                                                                                                                                                          Entropy (8bit):5.102305966992679
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:aV028Dn+G28jHzkC0UzxoVN6V36rkYCKaxC+enxRVP8WA+ktM:a228j+G2OzkC0UzxoH6V367CKaxC+exf
                                                                                                                                                                                                          MD5:7A8F3D3DEF0F136A04E0DB069073EB5D
                                                                                                                                                                                                          SHA1:B2A4B8A09E7DCB8F1E4DC905A1E85A80A1E89D7D
                                                                                                                                                                                                          SHA-256:61623C6DBE950AA238AF24B1EE9DA469A7E4A5630ED601E87024AE4E22760B95
                                                                                                                                                                                                          SHA-512:8BB08EBF934D78CA09CFA3BF06BF1AEFFC54ED6C547280C9BA00D638B9F148DA7D4EB1319266173DD26ED62484BB07A5F6D6E0ECCACAA23FFBB5673E4D8EC58E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av-vps</name>..<version>24.10.1304.7926</version>..<build-time>1728830226</build-time>..<inner-version>24101304</inner-version>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>4c3eed0441406ddeadf69e99b62da68a216bdb798f8451a55324a02ec4800edc</sha-256>....<timestamp>1728830137</timestamp>....<size>7293256</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>ba37d3942a9c593900b99a86c846013422428366dc42dc3bca944a6a0fd0a598</sha-256>....<timestamp>1728830137</timestamp>....<size>8207176</size>...</file>...<file>....<conditions>.....<o
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2459976
                                                                                                                                                                                                          Entropy (8bit):6.784984125334933
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:YYNggggMXLb/PHdV3SaIOAvAfAAEV1rnFTZT0krlGW+:Y9/fdV3SahAo7ELxTZT0krg
                                                                                                                                                                                                          MD5:54158D51F5717DE8D6CA527AF7EDA3F1
                                                                                                                                                                                                          SHA1:BF9F0AB713F9936BDCEDB9E3BCB4344343C9A443
                                                                                                                                                                                                          SHA-256:93E51218422FFB8D862E9B0FD4F6583CF7B0DA501807563CB59A92C1E758635D
                                                                                                                                                                                                          SHA-512:7F429ABCE30B625EDEB94FD11BE351D6BDA97ECC4D040FD17982841A28AD957A2448E922EE227C0EF87CB44F4370C4D2BD5581A9C0C08B7D2E82F4ACB4122B1B
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 2459976
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):929521
                                                                                                                                                                                                          Entropy (8bit):7.999775395145798
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:24576:AROuGbFrR92uE9ZT7rfx21fVR5TDV8re4IwrQHkrAj/OB:Q7yD2P9ZD6tT3pjWYM
                                                                                                                                                                                                          MD5:0C57AA86ED56612510D456B1A15940BF
                                                                                                                                                                                                          SHA1:2205FD30FF9391F0966FDD2DC2883B447BA69395
                                                                                                                                                                                                          SHA-256:A0608823C0534E03A22ED2EF1D37CFA0F79BF61A1E9BC8EAEE06E4BAB4BED859
                                                                                                                                                                                                          SHA-512:7AA001D9D0B85398FEF953CDFDCD0DFDC417EDEB6F6BEEFB79E69CE6282D5762F4FED721A8BF6EB5D0D691017B7EF7569338972B275CA264E616832166239408
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5857608
                                                                                                                                                                                                          Entropy (8bit):6.512826474361067
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:98304:hQaHegpcW/vQXw+Z4RBe3xtrlU5JU5OgtR/7I/o:hQaH3QsneLrlU5JU5OgtR/7
                                                                                                                                                                                                          MD5:0A10C85A6F8D84B7A8123F2B7A233B49
                                                                                                                                                                                                          SHA1:5B2540B05F3F2712D2002EF8DABBEEDE2E581CC2
                                                                                                                                                                                                          SHA-256:7DCB3284D637FB01ACA0AA743BAB8AB85DE550C34E1BD91BE164D415C4DFB461
                                                                                                                                                                                                          SHA-512:E1AE5587795651FC4950325A112E38D895B7C1282D3C1196565A4CFDF2F65D0974C0F4FDD64226F682098142FBB34AF19C8E41BFE9020AA76246913B04092668
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):709
                                                                                                                                                                                                          Entropy (8bit):5.416252199173837
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:2AcW1OPqygANI+xzYN/qb0a3Uk7oMQuROfzXy9G9QV6UaAAOheMWH3zJRN16uQMm:rVAJI+dsqNUk8MQuALC933WDPN8fHGk
                                                                                                                                                                                                          MD5:4646674933D76BADF71ADF68D64DF306
                                                                                                                                                                                                          SHA1:02E3C3933CD72EE3E15201C8306203EE829D0B80
                                                                                                                                                                                                          SHA-256:BA43E79AEB801AE81AE5D9F2E188CBD7BE19D1475EFDDD19AB33CD38DBABB93D
                                                                                                                                                                                                          SHA-512:D90C210A85FEC3E87831E299A3A914A3E274EE354EE3311DF1D50EBDD9E4BD5D29CBC1FC1C58167EB7759306129DE84FD908B96C2B8C6E4EEADD922B7A6D062D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:[ui.offer.actions]..url=https://ipm.avcdn.net/..[ui.offer.welcome]..loadtimer=10000..url=https://ipm.avcdn.net/..[reporting]..disable_checkforupdates=1..report_action_ids=RID_001,RID_002..[common]..config-def-url=https://shepherd.avcdn.net/..report-url=https://analytics.avcdn.net/v4/receive/json/25..[ui]..enable_survey=1..[updating]..conceal_hours=1..fraction=100.0..updatable=1..[offer.browser.asb]..decision_type=1..download_url=https://cdn-av-download.avgbrowser.com/avg_secure_browser_setup.exe..enable=1..priority=1..ui.offer=welcome..[Signature]..Signature=ASWSig2A60B5F3B40337B573DA04A4B8AC38106B745BF0BC2D8F741348F7E3D8CF7CFA3973D39423EA742327341CEC8C6385A1A570593CC9B960D35CB75E6A6F31CC52F7ASWSig2A
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (2186), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21186
                                                                                                                                                                                                          Entropy (8bit):5.687658749059012
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:DFJ7eXHtcV2gFJi0YblA+V4H3p+xHBG1srr7dl913e6c8oaKAX:77e98JiM+4HCBWw/13ev8orAX
                                                                                                                                                                                                          MD5:E2C253EC2206D562423751AEE112C1F9
                                                                                                                                                                                                          SHA1:0B9E7C0E99093674418A81DE39DFCD87614DAEE0
                                                                                                                                                                                                          SHA-256:ECEA99057B475FE1E7B40F93D4D59818E90AE3B948001E5D88DCF908CF241F6A
                                                                                                                                                                                                          SHA-512:7CE647553F18291E06595D85CE8F631752AFB2BD62F4F4E910DC0A65F81FB9771D3ABE127F1B0D6A51B53F64C5EC080F1AD72FAAE33068C1AB838AE52A7AF15E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[Settings.UserInterface]..ShellExtensionFileName=0..streaming=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Features.SwupOpswat]..Licensed=1..[WebShield.WebScanner]..VpsFileRep=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=1..[Offers.SecureBrowser]..ShowInIntro=1..[Settings.{D93EF81A-B92F-27FE-AF54-9278EA8BF910}.const]..ScanAreas=*RTK-SUPERQUICK;QuickStartup;QuickMemory..[AntiTrack]..Enabled=0..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[Fmwlite]..License_check_interval=16..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicens
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3515720
                                                                                                                                                                                                          Entropy (8bit):6.52433263379008
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:0Klnv2mSZSGmeIqF/F5nY3yaTi2HBbvY8q+p7i8tZ8lArtYtPtXJ+q1cTiyKJ+jX:04nnw1athpWkE4o
                                                                                                                                                                                                          MD5:B45C1F4D2DECF7B2F453157EE51B30FE
                                                                                                                                                                                                          SHA1:5776E4A828E836D3D902F4D2378003BAC99FD764
                                                                                                                                                                                                          SHA-256:EC6AB4F0E8DE9DE8A8C3073BABA01C0BDC941F0B50742C666B121E4CE9E356C4
                                                                                                                                                                                                          SHA-512:90801BBFA9AC8FEA2B7CF4D57EC5958C9FD40022E878DE40C050F14092F51D258E88B3B71D72A8639DF2C380B92B86C4A9CC142F416CEB15992A4858B8EDC4AB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:Jn:J
                                                                                                                                                                                                          MD5:9BF31C7FF062936A96D3C8BD1F8F2FF3
                                                                                                                                                                                                          SHA1:F1ABD670358E036C31296E66B3B66C382AC00812
                                                                                                                                                                                                          SHA-256:E629FA6598D732768F7C726B4B621285F9C3B85303900AA912017DB7617D8BDB
                                                                                                                                                                                                          SHA-512:9A6398CFFC55ADE35B39F1E41CF46C7C491744961853FF9571D09ABB55A78976F72C34CD7A8787674EFA1C226EAA2494DBD0A133169C9E4E2369A7D2D02DE31A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:15
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8207176
                                                                                                                                                                                                          Entropy (8bit):6.452332377747259
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:196608:HPGafAP4fKA7MTWknT0AufKJKXWu1MTHlFk:vG8AP4fKAoTWknT0AufKJKXWu1MTFu
                                                                                                                                                                                                          MD5:B178E9C05511563BDF3A5097D9116197
                                                                                                                                                                                                          SHA1:8372B74199C9D2B49C79F2DF61A6734248051A8F
                                                                                                                                                                                                          SHA-256:BA37D3942A9C593900B99A86C846013422428366DC42DC3BCA944A6A0FD0A598
                                                                                                                                                                                                          SHA-512:15FE06D23A7E1F58E7B7F9038E269B146F7C183A51C7F1C9593DD9E4B1D414748997F1E21FF286383FDDC16D9DEFC5A0908E570C21E7F9E02382709456502631
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):6277960
                                                                                                                                                                                                          Entropy (8bit):6.488087009634578
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:98304:E9d6SjG3r+9oMdIiBCdaGh13D9FiqHPP:E9dbjG3SkNaGvBFF3
                                                                                                                                                                                                          MD5:6190685F8F4A51D7A3507B4C0CF799F0
                                                                                                                                                                                                          SHA1:8ED784BD9CBB0297C51DB2FA0174EF1E4B8C48A6
                                                                                                                                                                                                          SHA-256:38BE6477DD9F4865A65808721CEE795151246340FC4D514DAE40762DA71AE8AA
                                                                                                                                                                                                          SHA-512:1A81F9939FD9C3D2A60E53C852783D54E5CA10582F5CF5C459CDBBA312E83B8329BA6BE848E029D98303043A006D8D7B77C1659CF0724D2DAD0B5B0DB83BE98F
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 6277960
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1773925
                                                                                                                                                                                                          Entropy (8bit):7.999882842985942
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:24576:b52sVmaAE/N7lRu3tf1zFo0wgnwk+EE6o2o457mkLysqpJZcMHM17mfSK5QNZsEc:12s8AF7lQDzFFwIwTE/boI+KMH5mNjc
                                                                                                                                                                                                          MD5:B2B7DB3398EC7D35AD95B4A8BE4DA787
                                                                                                                                                                                                          SHA1:A1D900D12A3C08E96166B11F4A14C83DEA9B6E62
                                                                                                                                                                                                          SHA-256:39AE9C60F419854139BFC33D43843B03AED41A4D8EE842C804C2683FA6065C37
                                                                                                                                                                                                          SHA-512:2764E6750B0EEAB93085E91271A1E4EF0DB2E1B8873784B4B7E6B11441A7B02FC628478B7FEC6DEAA834351CFF9183A8E585E69A78AB1DB177D59DED708C259F
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):50976
                                                                                                                                                                                                          Entropy (8bit):6.695978421209108
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:6fMVFuX7Y1C7X+oAiZ8uMX07F9Kx24Zza:WMVFsSC7+K8ua0qm
                                                                                                                                                                                                          MD5:97F5D0CAAA1988C95BF38385D2CF260E
                                                                                                                                                                                                          SHA1:255099F6E976837A0C3EB43A57599789A6330E85
                                                                                                                                                                                                          SHA-256:73EE549578DED906711189EDCEF0EEDBC9DB7CCBD30CF7776BD1F7DD9E034339
                                                                                                                                                                                                          SHA-512:AD099C25868C12246ED3D4EE54CEF4DF49D5276A5696CA72EFA64869367E262A57C8FF1FB947AD2F70CAEF1D618849DBAB2EC6161C25758D9F96733A7534B18F
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 50976
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):26032
                                                                                                                                                                                                          Entropy (8bit):7.993020359748391
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:768:dXkqelTjZK0JgHW7tbzdiH2P6AdRo7+lmAo:dEfJJZtwH2PJbuUo
                                                                                                                                                                                                          MD5:84B41B6779CD161AA144FCB14B5DB7AE
                                                                                                                                                                                                          SHA1:374A045376685DD0E662C8A52DA1B117E719B4F8
                                                                                                                                                                                                          SHA-256:57B66C4F8F7DD6B808EACE56846ECCEA4B8CC09568B7DBABC0E59ADD50D739C9
                                                                                                                                                                                                          SHA-512:9D501EBB4335ECE860F1806EDFF4C85652962B8B01534C8FAD3904E56AB8058135D7835BDA170CE2D65C392EF39350FF7C0CBDEBC336E3B68136992E634B6B80
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12355400
                                                                                                                                                                                                          Entropy (8bit):6.575346743980645
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:196608:DPkuwtZB9sRaWX1/gEf+7x3xVUJrqNuG:DcuwtWX1/1mth6JrqNR
                                                                                                                                                                                                          MD5:6B2077C64EE0FF998E2FBC1D9E3331C1
                                                                                                                                                                                                          SHA1:E10DB878BFC6653E571A752C491410757B0AAD4D
                                                                                                                                                                                                          SHA-256:C686CDD74A82DFFD852BFE5B739BD2022835B25941D394935B0EF0EC18453F8E
                                                                                                                                                                                                          SHA-512:F1D65E3BF0F4E83D2A61F40E842AB752C137FA872537BC93E091F05373449748999C072EA0CBFB6C353CCB6EADF9697DB7237E89FDBDA018733C0AA8B106462B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1326725
                                                                                                                                                                                                          Entropy (8bit):5.393225248894363
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:aqiBrS3XIq+W20lihJYsbYmSkG8uDOVB9EjcJ44B5T+kqDBqCsq:aqiBrS2MihJbbpSkG8uDOVB9TRfZqFq6
                                                                                                                                                                                                          MD5:64E9654EDBF448A82E04DD5FC0587FF8
                                                                                                                                                                                                          SHA1:8326E5931263B5A1A4E032326E06C7764A0D748E
                                                                                                                                                                                                          SHA-256:E27CE9139C203B6FB8EA8B8D82D50EDEB2466DF76377DB241AB31F47AF561134
                                                                                                                                                                                                          SHA-512:B6065191A2B173DF182DC9B4159E3B6BB715659D353AECF98702A3F0728553E5D193E8FEA7FA8236994C004D89D452F4DDD15552E868F0DB2A7785B2F0162B6F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" ?>.<product name="avg-av">..<product-defs>...<config>....<install-folder name="Antivirus"/>....<program-data-folder name="Antivirus"/>....<registry-key name="Antivirus"/>....<full-name name="AVG Antivirus"/>....<languages>.....<lang>en-us</lang>.....<lang>cs-cz</lang>.....<lang>da-dk</lang>.....<lang>de-de</lang>.....<lang>es-es</lang>.....<lang>fi-fi</lang>.....<lang>fr-fr</lang>.....<lang>hu-hu</lang>.....<lang>id-id</lang>.....<lang>it-it</lang>.....<lang>ja-jp</lang>.....<lang>ko-kr</lang>.....<lang>ms-my</lang>.....<lang>nb-no</lang>.....<lang>nl-nl</lang>.....<lang>pl-pl</lang>.....<lang>pt-br</lang>.....<lang>pt-pt</lang>.....<lang>ru-ru</lang>.....<lang>sk-sk</lang>.....<lang>sr-sp</lang>.....<lang>sv-se</lang>.....<lang>tr-tr</lang>.....<lang>zh-cn</lang>.....<lang>zh-tw</lang>....</languages>...</config>...<vars>....<var name="%V_PRODUCT_PREFIX%">.....<desc lang="en-us">avg</desc>....</var>....<var name="%V_AV_SVC_MODULE%">.....<desc lang="en-us">AVGSvc.ex
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9649
                                                                                                                                                                                                          Entropy (8bit):5.273780607164147
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:+2RjUS0VmNETL/ZmSStpUzLoHGVlg1sKYxCwexPK8AEMRzyzW2rsq:++vKmNYAtkvDleVzaeWcT
                                                                                                                                                                                                          MD5:3695F2E718958E15D63A8CB2C273608B
                                                                                                                                                                                                          SHA1:D1D7BA90C3DF2BAFE396F59429F19FAC8AF16211
                                                                                                                                                                                                          SHA-256:CC2CA580DA5B640C05276FFE2E08E8B769BF6B8D0158A93023BBCC031AF74749
                                                                                                                                                                                                          SHA-512:1F1DAC317196B320A3060441579318525C4C9B0E57B203E81A7FC9D651EF71FCA79DF09CBB8F330DE04F88D1EB4B78EF08DE47CAC5074EE7249901E6BEFC6E84
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av</name>..<version>24.9.9452.2135</version>..<build-time>1726655619</build-time>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>4c3eed0441406ddeadf69e99b62da68a216bdb798f8451a55324a02ec4800edc</sha-256>....<timestamp>1726655544</timestamp>....<size>7293256</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>ba37d3942a9c593900b99a86c846013422428366dc42dc3bca944a6a0fd0a598</sha-256>....<timestamp>1726655545</timestamp>....<size>8207176</size>...</file>...<file>....<conditions>.....<os platform="arm64"/>....</conditions>....<name
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          File Type:XZ compressed data, checksum CRC32
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):391044
                                                                                                                                                                                                          Entropy (8bit):7.99950093995657
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:6144:MFvsbMYNT/9s832RY3TRz0UE7clnj5QJ0WkkC4DEvWugdib:8sbMYNT/dymRz0MNlqgv5Aib
                                                                                                                                                                                                          MD5:326F541D5CF5F3DBBFC69A4FBD409389
                                                                                                                                                                                                          SHA1:FD59C5062E80CFD58E5F4DFE1FDF129AFD2DD145
                                                                                                                                                                                                          SHA-256:3A9BC34B6B2C36180DCA72E2D1C706269D1501EBD9B2C37E39E9E8D5F7D54E5C
                                                                                                                                                                                                          SHA-512:A88DA5AB25041442ADED224503864CBD4D370A2866D93E563F2686D590C683462F99FA37BA595C1260EE46FFCC5F35AF51F1423E77EFF1A36F1CC2857D7A3F6A
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 8207176
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2479319
                                                                                                                                                                                                          Entropy (8bit):7.9999448249710525
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:49152:rVLBHGpV9jeCaueYk6ntmAYHV+oYbp4ztT2fo8kUuu3sO:rV9HWVgCauek0HV+V6tT2EUu3O
                                                                                                                                                                                                          MD5:B207DEAB4C93FC1F11DA1C6F7F082333
                                                                                                                                                                                                          SHA1:006C3189018FC1D13CBAEB504F6D2B691E80941E
                                                                                                                                                                                                          SHA-256:4D05A86165067BF5527600517378682C5B2D5861A8E7516330803438701613B2
                                                                                                                                                                                                          SHA-512:06D07F6D25A59EB89205D26C6F7EDB09B861CEC159B34A9EDB5F0EDC5DB35DAE4830E0EB93A4050E11E8CF368709E6943D7F06833539FC99D8D8FD77BEB00DB3
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 12355400
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4008359
                                                                                                                                                                                                          Entropy (8bit):7.999957357266098
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:98304:9K18NVsz2miXmkkTuNioFVFdU2QltV/q+v4ncPa:9EWVsiVzuuNRO2qR0nga
                                                                                                                                                                                                          MD5:3AEBD5448E89CD33C0D85D96A2E973B6
                                                                                                                                                                                                          SHA1:AE66E0D4F6B64D81540FE2CBB7D358F690FB7334
                                                                                                                                                                                                          SHA-256:C824E0063F7A15D84A72EC2017792A86D34F110E15FB50DCC596AA2AF8B0B20E
                                                                                                                                                                                                          SHA-512:FB65C43F6894BE7D616AA3E17E78E7A7165F2E88093E7BFFC2D0388267F5249A8F9F5ABF3EA4EFB69A32903F8272CBE892981B72404E3959A0EADE8451F928EE
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 15688
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9884
                                                                                                                                                                                                          Entropy (8bit):7.9817191520734845
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:R6531Z21UcdFW07eHIJY/qB/IcCl9bhbTpXy/olyApmMriRvS6:Re3u1UcdFIOY/qBAdnTpeosApmoiJS6
                                                                                                                                                                                                          MD5:D6EC630BC31AE1AE5D238DD3B454A7DE
                                                                                                                                                                                                          SHA1:A864F11693B085EFF6743ACB25ABD615A1AE9E6A
                                                                                                                                                                                                          SHA-256:6C4E8DB0FBAFBDC9B90BEB3009D6ED9568119F2616A38D7C65C54F13F088EE8C
                                                                                                                                                                                                          SHA-512:B2740635D5C510152E680EC88D57E4F479F33E08FF5600603D4FDFF8959A30382543DF6CF76F7720D33EE2E5BC0A921E44A7BF62C9737F1A1ACE9DA6BD3127BD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 5857608
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1816156
                                                                                                                                                                                                          Entropy (8bit):7.999888745483468
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:49152:rZlBKYqX0GYNddibSxXdzIO9lHmlUetirBO/0cS/kY:rZvxqXaTnNzFKUewdg0b/kY
                                                                                                                                                                                                          MD5:65A5BE66B625A435F077526F5F3638FB
                                                                                                                                                                                                          SHA1:EC2C6B221E45576BBE9128269DA76456541ABFC9
                                                                                                                                                                                                          SHA-256:13DA927C03C7351B42FB40845D6F0C92865AC30746EDCDCC629CB26F43DCD9A5
                                                                                                                                                                                                          SHA-512:D1FE28A9F6174CF269610D9639BC898B3BD0FA4DF86F5C1B9FB317C6B4FEB996A8CDF3C6A75398A17930BDFC7577DB116D47147E5EAA2C0A12BD87D393B3577A
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 391044
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):396500
                                                                                                                                                                                                          Entropy (8bit):7.99951440013991
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:6144:uAimsZt3Hkz141mGgNdljuVhgIDfwXARmfAFmaLXNpco3YPHOFQR3V9SUc:8TREh41mGgNm6IjwXAbBrPoHOFk3VAD
                                                                                                                                                                                                          MD5:B27AD3983349E5E9CCD780652ECB27B9
                                                                                                                                                                                                          SHA1:A2ADC919D05F512E4D0C84B8C2C81BEC821BED1A
                                                                                                                                                                                                          SHA-256:535A50DE59F01482A9404F40C126053DF0A36C974F7ECEF4A7DBDA65AFDF4996
                                                                                                                                                                                                          SHA-512:34DDAEEFAE6FF655306306CC8D3AED6D4F1E0877F1ACA3C5686EFC0EA59F2EC20F658DA714471DC7DCA20DE1C29BC9E4223EA38A1241FC113C689D3DE3721402
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5857608
                                                                                                                                                                                                          Entropy (8bit):6.512826474361067
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:98304:hQaHegpcW/vQXw+Z4RBe3xtrlU5JU5OgtR/7I/o:hQaH3QsneLrlU5JU5OgtR/7
                                                                                                                                                                                                          MD5:0A10C85A6F8D84B7A8123F2B7A233B49
                                                                                                                                                                                                          SHA1:5B2540B05F3F2712D2002EF8DABBEEDE2E581CC2
                                                                                                                                                                                                          SHA-256:7DCB3284D637FB01ACA0AA743BAB8AB85DE550C34E1BD91BE164D415C4DFB461
                                                                                                                                                                                                          SHA-512:E1AE5587795651FC4950325A112E38D895B7C1282D3C1196565A4CFDF2F65D0974C0F4FDD64226F682098142FBB34AF19C8E41BFE9020AA76246913B04092668
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):3515720
                                                                                                                                                                                                          Entropy (8bit):6.52433263379008
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:0Klnv2mSZSGmeIqF/F5nY3yaTi2HBbvY8q+p7i8tZ8lArtYtPtXJ+q1cTiyKJ+jX:04nnw1athpWkE4o
                                                                                                                                                                                                          MD5:B45C1F4D2DECF7B2F453157EE51B30FE
                                                                                                                                                                                                          SHA1:5776E4A828E836D3D902F4D2378003BAC99FD764
                                                                                                                                                                                                          SHA-256:EC6AB4F0E8DE9DE8A8C3073BABA01C0BDC941F0B50742C666B121E4CE9E356C4
                                                                                                                                                                                                          SHA-512:90801BBFA9AC8FEA2B7CF4D57EC5958C9FD40022E878DE40C050F14092F51D258E88B3B71D72A8639DF2C380B92B86C4A9CC142F416CEB15992A4858B8EDC4AB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 1326725
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):144190
                                                                                                                                                                                                          Entropy (8bit):7.99867427042036
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:3072:CkRHTb7lGFZtoSbkhleRl8a2nWELFq2nNU3D+E2smC4KNU8j6CFgNDn:CkXUFDoB6l8a2nSEtE2eU8jV0n
                                                                                                                                                                                                          MD5:F8E0FC53E5D9A054DADB630BC3074B59
                                                                                                                                                                                                          SHA1:4CBEB145DEDE41F77778CCEC9CF9131E520577F0
                                                                                                                                                                                                          SHA-256:FD629B541B7DEEADADE2E283F1C5A36E26745DD6BE3E74039950B818B8FF5154
                                                                                                                                                                                                          SHA-512:DD14433525242507930223966D23DEB2A159140E8AC9560206D3DBD29A0428E38AE97523477AA7C8A2434BBB99E6D4263C17ECEC69F63712ABF3EB989F2018C1
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:LZMA compressed data, non-streamed, size 3515720
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1022946
                                                                                                                                                                                                          Entropy (8bit):7.999832489557521
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:24576:XsWytpZvN32+/CBICJaJDfdYczabn+27D4Dhl:8WoZvNGvICJaJDfCccH8z
                                                                                                                                                                                                          MD5:85E3413083D6499D3F3732BB3795FB73
                                                                                                                                                                                                          SHA1:B70EB0A2D49A6CE199F1B937DF367D07D731A1E8
                                                                                                                                                                                                          SHA-256:ADBFBDBF2D217CFF9877F2CB916B6FA6DE1B2110C752DB26C04C5E5ABBDAA42B
                                                                                                                                                                                                          SHA-512:3688F27CCD2A460E1285722AB2FD24BA619312707F0ED6D8B39DEFBBCF19F77139987912D72729281A429D624E9C387D86993DB4A5F94CFB213887064B302898
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8207176
                                                                                                                                                                                                          Entropy (8bit):6.452332377747259
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:196608:HPGafAP4fKA7MTWknT0AufKJKXWu1MTHlFk:vG8AP4fKAoTWknT0AufKJKXWu1MTFu
                                                                                                                                                                                                          MD5:B178E9C05511563BDF3A5097D9116197
                                                                                                                                                                                                          SHA1:8372B74199C9D2B49C79F2DF61A6734248051A8F
                                                                                                                                                                                                          SHA-256:BA37D3942A9C593900B99A86C846013422428366DC42DC3BCA944A6A0FD0A598
                                                                                                                                                                                                          SHA-512:15FE06D23A7E1F58E7B7F9038E269B146F7C183A51C7F1C9593DD9E4B1D414748997F1E21FF286383FDDC16D9DEFC5A0908E570C21E7F9E02382709456502631
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):15688
                                                                                                                                                                                                          Entropy (8bit):6.95503985774912
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:wO/gdxgZWIYiifoi1/wfT3ir2WSx7bLgfj:tVZLYiiy3iPmbLGj
                                                                                                                                                                                                          MD5:A0E61F6A178A498FC127C019BA2DCC24
                                                                                                                                                                                                          SHA1:CD3D3DE94BC152B9C51090B3FE6A03EB053F435B
                                                                                                                                                                                                          SHA-256:525E717A0E3CE0C1C92209926F5FE71E3764AC82EAE6D4AD22A7941A4110D848
                                                                                                                                                                                                          SHA-512:CB23DBDEC077262AF31C2D4A3F83C2162E0B5F0067CF969F082DD268DBD048FBEE6A79935AA4DD9DCBAF3131D00F2A8A8888ADE814ADA29678995023CE385768
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):12355400
                                                                                                                                                                                                          Entropy (8bit):6.575346743980645
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:196608:DPkuwtZB9sRaWX1/gEf+7x3xVUJrqNuG:DcuwtWX1/1mth6JrqNR
                                                                                                                                                                                                          MD5:6B2077C64EE0FF998E2FBC1D9E3331C1
                                                                                                                                                                                                          SHA1:E10DB878BFC6653E571A752C491410757B0AAD4D
                                                                                                                                                                                                          SHA-256:C686CDD74A82DFFD852BFE5B739BD2022835B25941D394935B0EF0EC18453F8E
                                                                                                                                                                                                          SHA-512:F1D65E3BF0F4E83D2A61F40E842AB752C137FA872537BC93E091F05373449748999C072EA0CBFB6C353CCB6EADF9697DB7237E89FDBDA018733C0AA8B106462B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1326725
                                                                                                                                                                                                          Entropy (8bit):5.393225248894363
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:aqiBrS3XIq+W20lihJYsbYmSkG8uDOVB9EjcJ44B5T+kqDBqCsq:aqiBrS2MihJbbpSkG8uDOVB9TRfZqFq6
                                                                                                                                                                                                          MD5:64E9654EDBF448A82E04DD5FC0587FF8
                                                                                                                                                                                                          SHA1:8326E5931263B5A1A4E032326E06C7764A0D748E
                                                                                                                                                                                                          SHA-256:E27CE9139C203B6FB8EA8B8D82D50EDEB2466DF76377DB241AB31F47AF561134
                                                                                                                                                                                                          SHA-512:B6065191A2B173DF182DC9B4159E3B6BB715659D353AECF98702A3F0728553E5D193E8FEA7FA8236994C004D89D452F4DDD15552E868F0DB2A7785B2F0162B6F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" ?>.<product name="avg-av">..<product-defs>...<config>....<install-folder name="Antivirus"/>....<program-data-folder name="Antivirus"/>....<registry-key name="Antivirus"/>....<full-name name="AVG Antivirus"/>....<languages>.....<lang>en-us</lang>.....<lang>cs-cz</lang>.....<lang>da-dk</lang>.....<lang>de-de</lang>.....<lang>es-es</lang>.....<lang>fi-fi</lang>.....<lang>fr-fr</lang>.....<lang>hu-hu</lang>.....<lang>id-id</lang>.....<lang>it-it</lang>.....<lang>ja-jp</lang>.....<lang>ko-kr</lang>.....<lang>ms-my</lang>.....<lang>nb-no</lang>.....<lang>nl-nl</lang>.....<lang>pl-pl</lang>.....<lang>pt-br</lang>.....<lang>pt-pt</lang>.....<lang>ru-ru</lang>.....<lang>sk-sk</lang>.....<lang>sr-sp</lang>.....<lang>sv-se</lang>.....<lang>tr-tr</lang>.....<lang>zh-cn</lang>.....<lang>zh-tw</lang>....</languages>...</config>...<vars>....<var name="%V_PRODUCT_PREFIX%">.....<desc lang="en-us">avg</desc>....</var>....<var name="%V_AV_SVC_MODULE%">.....<desc lang="en-us">AVGSvc.ex
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):9649
                                                                                                                                                                                                          Entropy (8bit):5.273780607164147
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:+2RjUS0VmNETL/ZmSStpUzLoHGVlg1sKYxCwexPK8AEMRzyzW2rsq:++vKmNYAtkvDleVzaeWcT
                                                                                                                                                                                                          MD5:3695F2E718958E15D63A8CB2C273608B
                                                                                                                                                                                                          SHA1:D1D7BA90C3DF2BAFE396F59429F19FAC8AF16211
                                                                                                                                                                                                          SHA-256:CC2CA580DA5B640C05276FFE2E08E8B769BF6B8D0158A93023BBCC031AF74749
                                                                                                                                                                                                          SHA-512:1F1DAC317196B320A3060441579318525C4C9B0E57B203E81A7FC9D651EF71FCA79DF09CBB8F330DE04F88D1EB4B78EF08DE47CAC5074EE7249901E6BEFC6E84
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av</name>..<version>24.9.9452.2135</version>..<build-time>1726655619</build-time>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>4c3eed0441406ddeadf69e99b62da68a216bdb798f8451a55324a02ec4800edc</sha-256>....<timestamp>1726655544</timestamp>....<size>7293256</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>ba37d3942a9c593900b99a86c846013422428366dc42dc3bca944a6a0fd0a598</sha-256>....<timestamp>1726655545</timestamp>....<size>8207176</size>...</file>...<file>....<conditions>.....<os platform="arm64"/>....</conditions>....<name
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:XZ compressed data, checksum CRC32
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):391044
                                                                                                                                                                                                          Entropy (8bit):7.99950093995657
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:6144:MFvsbMYNT/9s832RY3TRz0UE7clnj5QJ0WkkC4DEvWugdib:8sbMYNT/dymRz0MNlqgv5Aib
                                                                                                                                                                                                          MD5:326F541D5CF5F3DBBFC69A4FBD409389
                                                                                                                                                                                                          SHA1:FD59C5062E80CFD58E5F4DFE1FDF129AFD2DD145
                                                                                                                                                                                                          SHA-256:3A9BC34B6B2C36180DCA72E2D1C706269D1501EBD9B2C37E39E9E8D5F7D54E5C
                                                                                                                                                                                                          SHA-512:A88DA5AB25041442ADED224503864CBD4D370A2866D93E563F2686D590C683462F99FA37BA595C1260EE46FFCC5F35AF51F1423E77EFF1A36F1CC2857D7A3F6A
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21
                                                                                                                                                                                                          Entropy (8bit):3.422577995321604
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:1HRcMK:5RU
                                                                                                                                                                                                          MD5:3F44A3C655AC2A5C3AB32849ECB95672
                                                                                                                                                                                                          SHA1:93211445DCF90BB3200ABE3902C2A10FE2BAA8E4
                                                                                                                                                                                                          SHA-256:51516A61A1E25124173DEF4EF68A6B8BABEDC28CA143F9EEE3E729EBDC1EF31F
                                                                                                                                                                                                          SHA-512:D3F95262CF3E910DD707DFEEF8D2E9DB44DB76B2A13092D238D0145C822D87A529CA58CCBB24995DFCF6DAD1FFC8CED6D50948BB550760CD03049598C6943BC0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:mmm_irs_ppi_902_451_o
                                                                                                                                                                                                          Process:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1962
                                                                                                                                                                                                          Entropy (8bit):5.4053428016699785
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cEYpk3QzT4zgRAOInIOdLhSljX1jVRe2lEkjM:0WWk0InIutmjXBVQ2FjM
                                                                                                                                                                                                          MD5:6F27940C3D99483F7EECAECA61BEF015
                                                                                                                                                                                                          SHA1:E743893AC25FF2926573348E338D1CFB56D19474
                                                                                                                                                                                                          SHA-256:8FB5B74CA601671B017480D9F99914B13962E70A6B42E368A0D56FD6822AB328
                                                                                                                                                                                                          SHA-512:37F121D550CCB9006DB34FCE6876B0DB4651B58DDA5A50A0F2575B516217F9032AAB9F6B31153DF3D20F2750255618F1CC35F3FE7C033D159DA09AC9F5657FAC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>.<icarus-info xmlns:xs="http://www.w3.org/2001/XMLSchema-instance">..<file-mapping-sfx>...<handle>27c</handle>...<size>1698200</size>..</file-mapping-sfx>..<file-list>...<file>....<alias>sfx-info.xml</alias>....<sha-256>8e456e6787fb8d94f883bfe4b24729809b4ab1b7db77cd689bba071b41c2d2d6</sha-256>....<offset>1677894</offset>....<size>717</size>....<timestamp>1726732699</timestamp>....<flags>0</flags>...</file>...<file>....<alias>avg-av/edition.edat</alias>....<sha-256>e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb</sha-256>....<offset>1678688</offset>....<size>2</size>....<timestamp>1726732699</timestamp>....<flags>0</flags>...</file>...<file>....<alias>avg-av/config.def.edat</alias>....<sha-256>ecea99057b475fe1e7b40f93d4d59818e90ae3b948001e5d88dcf908cf241f6a</sha-256>....<offset>1678770</offset>....<size>8290</size>....<timestamp>1726732504</timestamp>....<flags>1</flags>...</file>..</file-list>..<sfx-dir>C:\Windows\Temp\asw.1b43cf27
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1698200
                                                                                                                                                                                                          Entropy (8bit):6.76349414914279
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:Vyxo91SfHpooooEPcP7PRGijGi1r3e4Uvr:VyxESfHXPRGijux
                                                                                                                                                                                                          MD5:4DE05BCEF050AB8FA30941A9E3454645
                                                                                                                                                                                                          SHA1:F2A566C350ED654408CE401DB793C994F842E9AC
                                                                                                                                                                                                          SHA-256:FD94EDEF9FB4665ECC48CA1E92C8841059DF3CEFA59B74F7AB93D2814765EF44
                                                                                                                                                                                                          SHA-512:D635BAA5CA861B8EECA7614FB5D0E33F22D0808404CE6664CFD0A42EF2E865BE6B17820A942F8614BF5B920A5E1A882DC4D63706C25B4B39DDBCCF37196028E5
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):21
                                                                                                                                                                                                          Entropy (8bit):3.422577995321604
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:1HRcMK:5RU
                                                                                                                                                                                                          MD5:3F44A3C655AC2A5C3AB32849ECB95672
                                                                                                                                                                                                          SHA1:93211445DCF90BB3200ABE3902C2A10FE2BAA8E4
                                                                                                                                                                                                          SHA-256:51516A61A1E25124173DEF4EF68A6B8BABEDC28CA143F9EEE3E729EBDC1EF31F
                                                                                                                                                                                                          SHA-512:D3F95262CF3E910DD707DFEEF8D2E9DB44DB76B2A13092D238D0145C822D87A529CA58CCBB24995DFCF6DAD1FFC8CED6D50948BB550760CD03049598C6943BC0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:mmm_irs_ppi_902_451_o
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                          Entropy (8bit):1.4549069462350444
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:Z8PhNuRc06WX4UnT5Qda7rDS7qdpCSIN8lgk:UhN1knTxHD4k
                                                                                                                                                                                                          MD5:CB94174582345DD87BC0B4D76DF19D2D
                                                                                                                                                                                                          SHA1:7A5D44B4EE5405B56634B60176BC1140C9AB6CEF
                                                                                                                                                                                                          SHA-256:7BBF72E2C10F9AE50384F18D7888039F373260F0EB6D604786A1F543058F3D36
                                                                                                                                                                                                          SHA-512:C9E0D7BA52B188698C719D202D525D14C95E0A7467598CB1DE5526C77948F6D83859C6731313789752C8AB08E5297998C3B3CF834A2FED522DB112BEB6EBE1BB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                          Entropy (8bit):1.4549069462350444
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:Z8PhNuRc06WX4UnT5Qda7rDS7qdpCSIN8lgk:UhN1knTxHD4k
                                                                                                                                                                                                          MD5:CB94174582345DD87BC0B4D76DF19D2D
                                                                                                                                                                                                          SHA1:7A5D44B4EE5405B56634B60176BC1140C9AB6CEF
                                                                                                                                                                                                          SHA-256:7BBF72E2C10F9AE50384F18D7888039F373260F0EB6D604786A1F543058F3D36
                                                                                                                                                                                                          SHA-512:C9E0D7BA52B188698C719D202D525D14C95E0A7467598CB1DE5526C77948F6D83859C6731313789752C8AB08E5297998C3B3CF834A2FED522DB112BEB6EBE1BB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):0.07728575714935673
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOpIWzraCtjBER9J1iVky6l51:2F0i8n0itFzDHFiqjBER9JTr
                                                                                                                                                                                                          MD5:87FC8CE0A19F2A7AE5AB2EDCB62F907D
                                                                                                                                                                                                          SHA1:B370BCD4C62ADFEB1F140C1524ECEA12B310707C
                                                                                                                                                                                                          SHA-256:AB970EEF0513B00293AAD24A43E25E9101B5220FB59291752E63E2841A35E9EA
                                                                                                                                                                                                          SHA-512:CEA19F21C4393A92BED63D2E3ADDF97C7C0932F4844935F1F0DA5F337D8EC206138C0D01D0002ADDEB4282981C58221640163AF724FF9231B3E9F1B48B23E3EE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):69632
                                                                                                                                                                                                          Entropy (8bit):0.09974138448695195
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:NkQpN8l5ipVvipVJVgd85apGkZklr+uC8+Bxd85mJC:Nk0N8l5S9S7qdpUrP4d
                                                                                                                                                                                                          MD5:0F3C10CA608AA3D611CE36FA6CA055E5
                                                                                                                                                                                                          SHA1:1E1EABF4B0B0FAED6E5D97FC3972A9121FDB34C9
                                                                                                                                                                                                          SHA-256:6F7A179D7BF81F795A972D016B79A53AEDA6EF325A7907DBFAE5F28B21314617
                                                                                                                                                                                                          SHA-512:03E12ACEC2B4FA35FDFDAD3D93F69201BC8E5A9F23425CE02EEC804D3705A88900735940BBF28608E0ACB1B384EA0F2C38DAC81A4E38106E54A5D1A1AD539FB5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):1.172662766970895
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:jiW1unZM+xFX4rT5Rda7rDS7qdpCSIN8lgk:B1goTYHD4k
                                                                                                                                                                                                          MD5:E775B0D6B83FBA9312FB8D1CF51F5AA1
                                                                                                                                                                                                          SHA1:F16C1F056F320BAE3C9390983AB56D938DA8E4B6
                                                                                                                                                                                                          SHA-256:E3C81646B747DB0CC456D7C37317DE82C06E4A0B36EDE88BFF43A68ECEB33876
                                                                                                                                                                                                          SHA-512:675F3E8162A0BF277B340B60D02E5A545C8631DF75A18ADBBFBFDD680870156A61CD74F9139517CD5176C576F20569A6E021E57BB74E8046907436EB9A7A5CFD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):1.172662766970895
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:jiW1unZM+xFX4rT5Rda7rDS7qdpCSIN8lgk:B1goTYHD4k
                                                                                                                                                                                                          MD5:E775B0D6B83FBA9312FB8D1CF51F5AA1
                                                                                                                                                                                                          SHA1:F16C1F056F320BAE3C9390983AB56D938DA8E4B6
                                                                                                                                                                                                          SHA-256:E3C81646B747DB0CC456D7C37317DE82C06E4A0B36EDE88BFF43A68ECEB33876
                                                                                                                                                                                                          SHA-512:675F3E8162A0BF277B340B60D02E5A545C8631DF75A18ADBBFBFDD680870156A61CD74F9139517CD5176C576F20569A6E021E57BB74E8046907436EB9A7A5CFD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):512
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):1.172662766970895
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:jiW1unZM+xFX4rT5Rda7rDS7qdpCSIN8lgk:B1goTYHD4k
                                                                                                                                                                                                          MD5:E775B0D6B83FBA9312FB8D1CF51F5AA1
                                                                                                                                                                                                          SHA1:F16C1F056F320BAE3C9390983AB56D938DA8E4B6
                                                                                                                                                                                                          SHA-256:E3C81646B747DB0CC456D7C37317DE82C06E4A0B36EDE88BFF43A68ECEB33876
                                                                                                                                                                                                          SHA-512:675F3E8162A0BF277B340B60D02E5A545C8631DF75A18ADBBFBFDD680870156A61CD74F9139517CD5176C576F20569A6E021E57BB74E8046907436EB9A7A5CFD
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Entropy (8bit):7.99560029488531
                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                                                                                                                                                          • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                                                          • InstallShield setup (43055/19) 0.42%
                                                                                                                                                                                                          • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                          File name:SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
                                                                                                                                                                                                          File size:29'932'568 bytes
                                                                                                                                                                                                          MD5:647a2177841aebe2f1bb1b3767f41287
                                                                                                                                                                                                          SHA1:446575615e7fcc9c58fb04cad12909a183a2eb15
                                                                                                                                                                                                          SHA256:07c1abb57c4498748c4f1344a786c2c136b82651786ed005d999ecbf6054fb2c
                                                                                                                                                                                                          SHA512:f3165aec7a4b7adb7e6ffca56812f769b7b085000d50bf235ca1c7e74d76dfb5549de9561e281623c734c2dec9fc37b54af572c3e97fcb9fb1411102ae3da0c0
                                                                                                                                                                                                          SSDEEP:786432:5l3LNCxuEnwFho+zM77UDZiZCd08jFZJAI5E70TZFHi6t:5l3LMEXFhV0KAcNjxAItjFt
                                                                                                                                                                                                          TLSH:5F67333FB264747ED8AE5E324A739250997B6A60781F8C1E07F0480DCF365711E3AA5B
                                                                                                                                                                                                          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                                                          Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                                                          Entrypoint:0x4b5eec
                                                                                                                                                                                                          Entrypoint Section:.itext
                                                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                          Time Stamp:0x5FB0F96E [Sun Nov 15 09:48:30 2020 UTC]
                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                          OS Version Major:6
                                                                                                                                                                                                          OS Version Minor:1
                                                                                                                                                                                                          File Version Major:6
                                                                                                                                                                                                          File Version Minor:1
                                                                                                                                                                                                          Subsystem Version Major:6
                                                                                                                                                                                                          Subsystem Version Minor:1
                                                                                                                                                                                                          Import Hash:5a594319a0d69dbc452e748bcf05892e
                                                                                                                                                                                                          Signature Valid:true
                                                                                                                                                                                                          Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                                                                                                                          Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                          Error Number:0
                                                                                                                                                                                                          Not Before, Not After
                                                                                                                                                                                                          • 11/05/2023 01:00:00 11/05/2025 00:59:59
                                                                                                                                                                                                          Subject Chain
                                                                                                                                                                                                          • CN=EngineGame, O=EngineGame, S=Tel Aviv, C=IL
                                                                                                                                                                                                          Version:3
                                                                                                                                                                                                          Thumbprint MD5:91E70EEDB6FAA14A2CAC55AA04E394DC
                                                                                                                                                                                                          Thumbprint SHA-1:DB97E8AD1FC01EB0CC39C354F5DB2E8B065C048F
                                                                                                                                                                                                          Thumbprint SHA-256:652294C5E648282E1B193DBACCEF545098AF49E60F6176F97A28903CBA4B0870
                                                                                                                                                                                                          Serial:2DDFF16E80007EF97AAD7E4F2CF2E34C
                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                          add esp, FFFFFFA4h
                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                          push esi
                                                                                                                                                                                                          push edi
                                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                                          mov dword ptr [ebp-3Ch], eax
                                                                                                                                                                                                          mov dword ptr [ebp-40h], eax
                                                                                                                                                                                                          mov dword ptr [ebp-5Ch], eax
                                                                                                                                                                                                          mov dword ptr [ebp-30h], eax
                                                                                                                                                                                                          mov dword ptr [ebp-38h], eax
                                                                                                                                                                                                          mov dword ptr [ebp-34h], eax
                                                                                                                                                                                                          mov dword ptr [ebp-2Ch], eax
                                                                                                                                                                                                          mov dword ptr [ebp-28h], eax
                                                                                                                                                                                                          mov dword ptr [ebp-14h], eax
                                                                                                                                                                                                          mov eax, 004B10F0h
                                                                                                                                                                                                          call 00007F9B18713D55h
                                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                          push 004B65E2h
                                                                                                                                                                                                          push dword ptr fs:[eax]
                                                                                                                                                                                                          mov dword ptr fs:[eax], esp
                                                                                                                                                                                                          xor edx, edx
                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                          push 004B659Eh
                                                                                                                                                                                                          push dword ptr fs:[edx]
                                                                                                                                                                                                          mov dword ptr fs:[edx], esp
                                                                                                                                                                                                          mov eax, dword ptr [004BE634h]
                                                                                                                                                                                                          call 00007F9B187B647Fh
                                                                                                                                                                                                          call 00007F9B187B5FD2h
                                                                                                                                                                                                          lea edx, dword ptr [ebp-14h]
                                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                                          call 00007F9B187297C8h
                                                                                                                                                                                                          mov edx, dword ptr [ebp-14h]
                                                                                                                                                                                                          mov eax, 004C1D84h
                                                                                                                                                                                                          call 00007F9B1870E947h
                                                                                                                                                                                                          push 00000002h
                                                                                                                                                                                                          push 00000000h
                                                                                                                                                                                                          push 00000001h
                                                                                                                                                                                                          mov ecx, dword ptr [004C1D84h]
                                                                                                                                                                                                          mov dl, 01h
                                                                                                                                                                                                          mov eax, dword ptr [004237A4h]
                                                                                                                                                                                                          call 00007F9B1872A82Fh
                                                                                                                                                                                                          mov dword ptr [004C1D88h], eax
                                                                                                                                                                                                          xor edx, edx
                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                          push 004B654Ah
                                                                                                                                                                                                          push dword ptr fs:[edx]
                                                                                                                                                                                                          mov dword ptr fs:[edx], esp
                                                                                                                                                                                                          call 00007F9B187B6507h
                                                                                                                                                                                                          mov dword ptr [004C1D90h], eax
                                                                                                                                                                                                          mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                          cmp dword ptr [eax+0Ch], 01h
                                                                                                                                                                                                          jne 00007F9B187BCAEAh
                                                                                                                                                                                                          mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                          mov edx, 00000028h
                                                                                                                                                                                                          call 00007F9B1872B124h
                                                                                                                                                                                                          mov edx, dword ptr [004C1D90h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc4000 | 0x9a | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2000 | 0xf36 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x4800 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1c89078 | 0x2ba0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc6000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xc22e4 | 0x244 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xc3000 | 0x1a4 | .didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xb361c | 0xb3800 | ad6e46e3a3acdb533eb6a077f6d065af | False | 0.3448639341051532 | data | 6.356058204328091 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0xb5000 | 0x1688 | 0x1800 | d40fc822339d01f2abcc5493ac101c94 | False | 0.544921875 | data | 5.972750055221053 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0xb7000 | 0x37a4 | 0x3800 | 4c195d5591f6d61265df08a3733de3a2 | False | 0.36097935267857145 | data | 5.044400562007734 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0xbb000 | 0x6de8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xc2000 | 0xf36 | 0x1000 | a73d686f1e8b9bb06ec767721135e397 | False | 0.3681640625 | data | 4.8987046479600425 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata | 0xc3000 | 0x1a4 | 0x200 | 41b8ce23dd243d14beebc71771885c89 | False | 0.345703125 | data | 2.7563628682496506 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata | 0xc4000 | 0x9a | 0x200 | 37c1a5c63717831863e018c0f51dabb7 | False | 0.2578125 | data | 1.8722228665884297 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls | 0xc5000 | 0x18 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xc6000 | 0x5d | 0x200 | 8f2f090acd9622c88a6a852e72f94e96 | False | 0.189453125 | data | 1.3838943752217987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc7000 | 0x4800 | 0x4800 | 9ce043cc8ed8e76b0da14bab902ba23e | False | 0.3162977430555556 | data | 4.422592801275048 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc74c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675
RT_ICON | 0xc75f0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179
RT_ICON | 0xc7b58 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548
RT_ICON | 0xc7e40 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516
RT_STRING | 0xc86e8 | 0x360 | data | | | 0.34375
RT_STRING | 0xc8a48 | 0x260 | data | | | 0.3256578947368421
RT_STRING | 0xc8ca8 | 0x45c | data | | | 0.4068100358422939
RT_STRING | 0xc9104 | 0x40c | data | | | 0.3754826254826255
RT_STRING | 0xc9510 | 0x2d4 | data | | | 0.39226519337016574
RT_STRING | 0xc97e4 | 0xb8 | data | | | 0.6467391304347826
RT_STRING | 0xc989c | 0x9c | data | | | 0.6410256410256411
RT_STRING | 0xc9938 | 0x374 | data | | | 0.4230769230769231
RT_STRING | 0xc9cac | 0x398 | data | | | 0.3358695652173913
RT_STRING | 0xca044 | 0x368 | data | | | 0.3795871559633027
RT_STRING | 0xca3ac | 0x2a4 | data | | | 0.4275147928994083
RT_RCDATA | 0xca650 | 0x10 | data | | | 1.5
RT_RCDATA | 0xca660 | 0x2c4 | data | | | 0.6384180790960452
RT_RCDATA | 0xca924 | 0x2c | data | | | 1.2045454545454546
RT_GROUP_ICON | 0xca950 | 0x3e | data | English | United States | 0.8387096774193549
RT_VERSION | 0xca990 | 0x584 | data | English | United States | 0.26628895184135976
RT_MANIFEST | 0xcaf14 | 0x726 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4005464480874317
DLL | Import
kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll | InitCommonControls
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree
advapi32.dll | RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW
Name | Ordinal | Address
TMethodImplementationIntercept | 3 | 0x454060
__dbk_fcall_wrapper | 2 | 0x40d0a0
dbkFCallWrapperAddr | 1 | 0x4be63c
Language of compilation system | Country where language is spoken | Map
Dutch | Netherlands |
English | United States |
                                                                                                                                                                                                          Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                          Start time:17:28:42
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe"
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          File size:29'932'568 bytes
                                                                                                                                                                                                          MD5 hash:647A2177841AEBE2F1BB1B3767F41287
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                          Start time:17:28:43
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-6B2IA.tmp\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.tmp" /SL5="$20418,29027361,780800,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe"
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          File size:3'025'312 bytes
                                                                                                                                                                                                          MD5 hash:2C94C19646786C4EE5283B02FD8CE5A5
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                                          Start time:17:29:20
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
                                                                                                                                                                                                          Imagebase:0xe60000
                                                                                                                                                                                                          File size:1'184'128 bytes
                                                                                                                                                                                                          MD5 hash:143255618462A577DE27286A272584E1
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                                          Start time:17:29:22
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vSPR52DTrx3KxpPc0dhv7aWFTHVhgXZV8V8wzTGpdpeuHMloNuGAy8EUQEYDzh7hQ
                                                                                                                                                                                                          Imagebase:0x2b0000
                                                                                                                                                                                                          File size:234'936 bytes
                                                                                                                                                                                                          MD5 hash:26816AF65F2A3F1C61FB44C682510C97
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:8
                                                                                                                                                                                                          Start time:17:29:24
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          File size:5'727'368 bytes
                                                                                                                                                                                                          MD5 hash:F269C5140CBC0E376CC7354A801DDD16
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:9
                                                                                                                                                                                                          Start time:17:29:25
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          File size:27'406'384 bytes
                                                                                                                                                                                                          MD5 hash:E0F666FE4FF537FB8587CCD215E41E5F
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:10
                                                                                                                                                                                                          Start time:17:29:25
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Windows\Temp\asw.1b43cf27584cc1f7\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hvrwhS3vSPR52DTrx3KxpPc0dhv7aWFTHVhgXZV8V8wzTGpdpeuHMloNuGAy8EUQEYDzh7hQ /cookie:mmm_irs_ppi_902_451_o /ga_clientid:aebce588-2047-4838-96b4-2abc3f1c4a20 /edat_dir:C:\Windows\Temp\asw.1b43cf27584cc1f7
                                                                                                                                                                                                          Imagebase:0x2a0000
                                                                                                                                                                                                          File size:1'698'200 bytes
                                                                                                                                                                                                          MD5 hash:4DE05BCEF050AB8FA30941A9E3454645
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                                          Start time:17:29:26
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-BFQ63.tmp\CheatEngine75.tmp" /SL5="$10484,26511452,832512,C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          File size:3'223'968 bytes
                                                                                                                                                                                                          MD5 hash:9AA2ACD4C96F8BA03BB6C3EA806D806F
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                                          Start time:17:29:27
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\net.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"net" stop BadlionAntic
                                                                                                                                                                                                          Imagebase:0x7ff7c43c0000
                                                                                                                                                                                                          File size:59'904 bytes
                                                                                                                                                                                                          MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:13
                                                                                                                                                                                                          Start time:17:29:27
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                          Imagebase:0x7ff70f010000
                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:14
                                                                                                                                                                                                          Start time:17:29:28
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\net1.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:C:\Windows\system32\net1 stop BadlionAntic
                                                                                                                                                                                                          Imagebase:0x7ff79ed40000
                                                                                                                                                                                                          File size:183'808 bytes
                                                                                                                                                                                                          MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:15
                                                                                                                                                                                                          Start time:17:29:28
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\net.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"net" stop BadlionAnticheat
                                                                                                                                                                                                          Imagebase:0x7ff7c43c0000
                                                                                                                                                                                                          File size:59'904 bytes
                                                                                                                                                                                                          MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                                          Start time:17:29:28
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                          Imagebase:0x7ff7d9970000
                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:17
                                                                                                                                                                                                          Start time:17:29:28
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\net1.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:C:\Windows\system32\net1 stop BadlionAnticheat
                                                                                                                                                                                                          Imagebase:0x7ff79ed40000
                                                                                                                                                                                                          File size:183'808 bytes
                                                                                                                                                                                                          MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                                          Start time:17:29:29
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"sc" delete BadlionAntic
                                                                                                                                                                                                          Imagebase:0x7ff6e93c0000
                                                                                                                                                                                                          File size:72'192 bytes
                                                                                                                                                                                                          MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:19
                                                                                                                                                                                                          Start time:17:29:29
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                          Imagebase:0x7ff70f010000
                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:21
                                                                                                                                                                                                          Start time:17:29:29
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"sc" delete BadlionAnticheat
                                                                                                                                                                                                          Imagebase:0x7ff6e93c0000
                                                                                                                                                                                                          File size:72'192 bytes
                                                                                                                                                                                                          MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:22
                                                                                                                                                                                                          Start time:17:29:29
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                          Imagebase:0x7ff70f010000
                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:23
                                                                                                                                                                                                          Start time:17:29:29
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-RLAH2.tmp\_isetup\_setup64.tmp
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:helper 105 0x40C
                                                                                                                                                                                                          Imagebase:0x140000000
                                                                                                                                                                                                          File size:6'144 bytes
                                                                                                                                                                                                          MD5 hash:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:24
                                                                                                                                                                                                          Start time:17:29:30
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                          Imagebase:0x7ff70f010000
                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:25
                                                                                                                                                                                                          Start time:17:29:30
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\icacls.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
                                                                                                                                                                                                          Imagebase:0x7ff7e2300000
                                                                                                                                                                                                          File size:39'424 bytes
                                                                                                                                                                                                          MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:26
                                                                                                                                                                                                          Start time:17:29:30
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                          Imagebase:0x7ff70f010000
                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:27
                                                                                                                                                                                                          Start time:17:29:36
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\nsr5349.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
                                                                                                                                                                                                          Imagebase:0xf00000
                                                                                                                                                                                                          File size:1'910'576 bytes
                                                                                                                                                                                                          MD5 hash:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:28
                                                                                                                                                                                                          Start time:17:29:39
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          File size:242'616 bytes
                                                                                                                                                                                                          MD5 hash:9AF96706762298CF72DF2A74213494C9
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:29
                                                                                                                                                                                                          Start time:17:29:41
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\GUM7F29.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
                                                                                                                                                                                                          Imagebase:0x170000
                                                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:30
                                                                                                                                                                                                          Start time:17:29:43
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          File size:268'704 bytes
                                                                                                                                                                                                          MD5 hash:9A4D1B5154194EA0C42EFEBEB73F318F
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:32
                                                                                                                                                                                                          Start time:17:29:44
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\icacls.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
                                                                                                                                                                                                          Imagebase:0x7ff7e2300000
                                                                                                                                                                                                          File size:39'424 bytes
                                                                                                                                                                                                          MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:33
                                                                                                                                                                                                          Start time:17:29:44
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                          Imagebase:0x7ff70f010000
                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:34
                                                                                                                                                                                                          Start time:17:29:47
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
                                                                                                                                                                                                          Imagebase:0x5b0000
                                                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:35
                                                                                                                                                                                                          Start time:17:29:48
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
                                                                                                                                                                                                          Imagebase:0x5b0000
                                                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:36
                                                                                                                                                                                                          Start time:17:29:48
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
                                                                                                                                                                                                          Imagebase:0x7ff72a070000
                                                                                                                                                                                                          File size:438'592 bytes
                                                                                                                                                                                                          MD5 hash:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:37
                                                                                                                                                                                                          Start time:17:29:48
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
                                                                                                                                                                                                          Imagebase:0x7ff72a070000
                                                                                                                                                                                                          File size:438'592 bytes
                                                                                                                                                                                                          MD5 hash:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:38
                                                                                                                                                                                                          Start time:17:29:49
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
                                                                                                                                                                                                          Imagebase:0x7ff72a070000
                                                                                                                                                                                                          File size:438'592 bytes
                                                                                                                                                                                                          MD5 hash:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:39
                                                                                                                                                                                                          Start time:17:29:49
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c
                                                                                                                                                                                                          Imagebase:0x5b0000
                                                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:40
                                                                                                                                                                                                          Start time:17:29:50
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler
                                                                                                                                                                                                          Imagebase:0x5b0000
                                                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:41
                                                                                                                                                                                                          Start time:17:29:50
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
                                                                                                                                                                                                          Imagebase:0x5b0000
                                                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:42
                                                                                                                                                                                                          Start time:17:29:51
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                          Imagebase:0x7ff73d860000
                                                                                                                                                                                                          File size:69'632 bytes
                                                                                                                                                                                                          MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:43
                                                                                                                                                                                                          Start time:17:29:54
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping
                                                                                                                                                                                                          Imagebase:0x5b0000
                                                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:44
                                                                                                                                                                                                          Start time:17:29:54
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          File size:399'264 bytes
                                                                                                                                                                                                          MD5 hash:F921416197C2AE407D53BA5712C3930A
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:45
                                                                                                                                                                                                          Start time:17:29:54
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{C38FA0B6-3952-4FFA-BC41-35E807C9ED93}" /silent
                                                                                                                                                                                                          Imagebase:0x5b0000
                                                                                                                                                                                                          File size:440'608 bytes
                                                                                                                                                                                                          MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:46
                                                                                                                                                                                                          Start time:17:29:54
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:"C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          File size:16'708'024 bytes
                                                                                                                                                                                                          MD5 hash:910DE25BD63B5DA521FC0B598920C4EC
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:47
                                                                                                                                                                                                          Start time:17:29:54
                                                                                                                                                                                                          Start date:13/10/2024
                                                                                                                                                                                                          Path:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-7710405a-b1b3-4eb6-86fe-5cf77236152f\icarus-info.xml /install /silent /ws /psh:92pTu5hvrwhS3vSPR52DTrx3KxpPc0dhv7aWFTHVhgXZV8V8wzTGpdpeuHMloNuGAy8EUQEYDzh7hQ /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.1b43cf27584cc1f7 /track-guid:aebce588-2047-4838-96b4-2abc3f1c4a20
                                                                                                                                                                                                          Imagebase:0x7ff7f5280000
                                                                                                                                                                                                          File size:8'207'176 bytes
                                                                                                                                                                                                          MD5 hash:B178E9C05511563BDF3A5097D9116197
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2537109725.000000000018E000.00000004.00000010.00020000.00000000.sdmp, Offset: 0018E000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_18e000_SecuriteInfo.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 4a1c30d10f50ce501c8d687132685218c400b61293b54c62952010d16fe35b63
                                                                                                                                                                                                            • Instruction ID: dcb8acfba5cdfda1fa2c5d167fe6b6f300463c71791ca037f25a2fcbbb9e7091
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a1c30d10f50ce501c8d687132685218c400b61293b54c62952010d16fe35b63
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D9100224093D29BCB13EF38D9A1A937FB1EF03324B6D46EDE5814E013E3654666CB91

                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                            Execution Coverage:6.3%
                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                            Signature Coverage:6.5%
                                                                                                                                                                                                            Total number of Nodes:2000
                                                                                                                                                                                                            Total number of Limit Nodes:40
98295->98302 98296 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 98298 e7e625 98296->98298 98299 e7e425 GetModuleFileNameW 98297->98299 98298->98226 98303 e7e443 98299->98303 98316 e7e54f _AnonymousOriginator 98299->98316 98300->98283 98306 e7e1f5 _AnonymousOriginator 98300->98306 98301->98296 98302->98301 98304 e7e62e 98302->98304 98424 e7daa0 29 API calls 4 library calls 98303->98424 98308 eed60f 25 API calls 98304->98308 98309 e7f520 28 API calls 98306->98309 98307 e7e454 98313 e7dc20 93 API calls 98307->98313 98307->98316 98311 e7e633 98308->98311 98310 e7e264 98309->98310 98312 e7e640 87 API calls 98310->98312 98314 e7e27d 98312->98314 98317 e7e49d _AnonymousOriginator 98313->98317 98314->98287 98314->98315 98315->98272 98316->98302 98316->98304 98317->98316 98318 e7e629 98317->98318 98319 eed60f 25 API calls 98318->98319 98319->98304 98320->98236 98322 e7dc55 98321->98322 98323 e7dc83 98321->98323 98324 e7f520 28 API calls 98322->98324 98325 e7dd83 98323->98325 98326 e7dcaa 98323->98326 98327 e7dc71 98324->98327 98329 e7f520 28 API calls 98325->98329 98328 e7f520 28 API calls 98326->98328 98327->98241 98330 e7dcb9 98328->98330 98331 e7dd92 98329->98331 98332 e7f520 28 API calls 98330->98332 98333 e7f520 28 API calls 98331->98333 98334 e7dce7 98332->98334 98335 e7ddc0 98333->98335 98427 e7f310 28 API calls 3 library calls 98334->98427 98428 e7f310 28 API calls 3 library calls 98335->98428 98338 e7dd67 _AnonymousOriginator 98338->98241 98339 e7dcfd _AnonymousOriginator 98339->98338 98340 eed60f 25 API calls 98339->98340 98341 e7dea8 codecvt 98340->98341 98342 e7def8 SHGetSpecialFolderPathW 98341->98342 98343 e7df16 98342->98343 98387 e7e2bd _AnonymousOriginator 98342->98387 98345 e7dc20 93 API calls 98343->98345 98344 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 98346 e7e2ee 98344->98346 98347 e7df5d _AnonymousOriginator 98345->98347 98346->98241 98348 e7e2f2 98347->98348 98349 e7e00f _AnonymousOriginator 98347->98349 98350 
eed60f 25 API calls 98348->98350 98349->98349 98352 e7f520 28 API calls 98349->98352 98351 e7e2f7 98350->98351 98353 eed60f 25 API calls 98351->98353 98354 e7e084 98352->98354 98355 e7e2fc 98353->98355 98356 e7e640 87 API calls 98354->98356 98357 eed60f 25 API calls 98355->98357 98358 e7e09d 98356->98358 98359 e7e301 98357->98359 98358->98351 98363 e7e0e8 _AnonymousOriginator 98358->98363 98360 eed60f 25 API calls 98359->98360 98361 e7e306 ConvertStringSecurityDescriptorToSecurityDescriptorW 98360->98361 98364 e7e37d 98361->98364 98373 e7e376 _AnonymousOriginator 98361->98373 98363->98363 98365 e7dc20 93 API calls 98363->98365 98363->98387 98366 e7deb0 93 API calls 98364->98366 98372 e7e143 _AnonymousOriginator 98365->98372 98367 e7e3d9 98366->98367 98369 e7e3e8 codecvt 98367->98369 98374 e7e3dd 98367->98374 98368 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 98370 e7e625 98368->98370 98371 e7e425 GetModuleFileNameW 98369->98371 98370->98241 98375 e7e443 98371->98375 98388 e7e54f _AnonymousOriginator 98371->98388 98372->98355 98378 e7e1f5 _AnonymousOriginator 98372->98378 98373->98368 98374->98373 98376 e7e62e 98374->98376 98429 e7daa0 29 API calls 4 library calls 98375->98429 98380 eed60f 25 API calls 98376->98380 98381 e7f520 28 API calls 98378->98381 98379 e7e454 98385 e7dc20 93 API calls 98379->98385 98379->98388 98383 e7e633 98380->98383 98382 e7e264 98381->98382 98384 e7e640 87 API calls 98382->98384 98386 e7e27d 98384->98386 98389 e7e49d _AnonymousOriginator 98385->98389 98386->98359 98386->98387 98387->98344 98388->98374 98388->98376 98389->98388 98390 e7e629 98389->98390 98391 eed60f 25 API calls 98390->98391 98391->98376 98393 e7def8 SHGetSpecialFolderPathW 98392->98393 98393->98271 98393->98315 98395 e7f541 _LStrxfrm 98394->98395 98398 e7f571 98394->98398 98395->98282 98396 e7f677 98425 e734d0 21 API calls collate 98396->98425 98398->98396 98400 e7f672 Concurrency::cancel_current_task 98398->98400 98401 e7f5d3 98398->98401 98402 e7f5fa 
98398->98402 98399 eed60f 25 API calls 98403 e7f681 98399->98403 98400->98396 98401->98400 98404 e7f5de 98401->98404 98406 ee8713 moneypunct 27 API calls 98402->98406 98407 e7f5e4 _LStrxfrm 98402->98407 98405 ee8713 moneypunct 27 API calls 98404->98405 98405->98407 98406->98407 98407->98399 98408 e7f658 _AnonymousOriginator 98407->98408 98408->98282 98410 e7e680 GetFileAttributesW 98409->98410 98411 e7e67e 98409->98411 98415 e7e690 98410->98415 98420 e7e724 _AnonymousOriginator 98410->98420 98411->98410 98412 e7e736 CreateDirectoryW 98413 e7e742 GetLastError 98412->98413 98414 e7e09d 98412->98414 98413->98414 98414->98279 98414->98291 98415->98415 98416 e7f520 28 API calls 98415->98416 98415->98420 98417 e7e6ec 98416->98417 98426 e7d6d0 83 API calls 98417->98426 98419 e7e6f8 98419->98420 98421 e7e77d 98419->98421 98420->98412 98422 eed60f 25 API calls 98421->98422 98423 e7e782 98422->98423 98424->98307 98426->98419 98427->98339 98428->98339 98429->98379 98435 ed38e8 98430->98435 98431 ed38a6 InitializeCriticalSectionEx 98431->98246 98432 ed38c4 InitializeSRWLock 98432->98246 98435->98431 98435->98432 98469 eea3a0 98436->98469 98439 e83e0b OutputDebugStringW 98448 e83e57 _AnonymousOriginator _LStrxfrm 98439->98448 98440 e83e15 98440->98439 98444 e83e3e 98440->98444 98442 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 98443 e81172 98442->98443 98459 e83fd0 70 API calls 2 library calls 98443->98459 98445 e83e4a 98444->98445 98446 e83f81 OutputDebugStringW 98444->98446 98447 e83fc0 98445->98447 98445->98448 98449 e83e90 98445->98449 98446->98448 98471 e734d0 21 API calls collate 98447->98471 98448->98442 98452 e83fca Concurrency::cancel_current_task 98449->98452 98454 e83f0e 98449->98454 98455 e83ee7 98449->98455 98451 e83fc5 98453 eed60f 25 API calls 98451->98453 98453->98452 98456 ee8713 moneypunct 27 API calls 98454->98456 98458 e83ef8 _LStrxfrm 98454->98458 98455->98452 98457 ee8713 moneypunct 27 API calls 98455->98457 98456->98458 98457->98458 
98458->98448 98458->98451 98459->98251 98461 e74122 98460->98461 98463 e74147 _LStrxfrm 98460->98463 98472 e733c3 28 API calls collate 98461->98472 98463->98256 98464->98260 98465->98262 98466->98264 98467->98266 98470 e83de7 WTSGetActiveConsoleSessionId 98469->98470 98470->98439 98470->98440 98472->98463 98473->98102 98474->98104 98475->98106 98476->98097 98478 e780f9 98477->98478 98492 e78185 _AnonymousOriginator 98477->98492 98496 e77f60 98478->98496 98482 e78109 98512 e781d0 28 API calls 5 library calls 98482->98512 98484 e78119 98513 e789b0 98484->98513 98486 e78130 98487 e74300 5 API calls 98486->98487 98488 e7813e 98487->98488 98524 e78730 80 API calls Concurrency::cancel_current_task 98488->98524 98490 e7814b 98491 e74300 5 API calls 98490->98491 98493 e78156 98491->98493 98492->98110 98493->98492 98494 eed60f 25 API calls 98493->98494 98495 e781c5 98494->98495 98497 e77faa 98496->98497 98507 e78076 98496->98507 98525 ed3cd6 98497->98525 98499 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 98500 e7809e 98499->98500 98508 e74300 98500->98508 98501 e77faf std::_Stofx_v2 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 98528 e79620 81 API calls Concurrency::cancel_current_task 98501->98528 98503 e78036 98529 e78530 80 API calls Concurrency::cancel_current_task 98503->98529 98505 e7806b 98506 e74300 5 API calls 98505->98506 98506->98507 98507->98499 98510 e7430c __EH_prolog3_catch 98508->98510 98535 e72c9c 98510->98535 98511 e7436d moneypunct 98511->98482 98512->98484 98514 e789ff 98513->98514 98515 e72c9c 5 API calls 98514->98515 98522 e78a1b 98515->98522 98516 e78bce 98516->98486 98518 e78c51 98519 eea332 Concurrency::cancel_current_task RaiseException 98518->98519 98520 e78c5f 98519->98520 98541 eee960 98520->98541 98522->98516 98540 e728d1 27 API calls 3 library calls 98522->98540 98523 e78c71 _AnonymousOriginator 98523->98486 98524->98490 98530 ed6d6a 98525->98530 98528->98503 98529->98505 98531 ed6d7b GetSystemTimePreciseAsFileTime 98530->98531 
98532 ed6d87 GetSystemTimeAsFileTime 98530->98532 98533 ed3ce4 98531->98533 98532->98533 98533->98501 98537 e72ca8 __EH_prolog3 98535->98537 98536 e72cf7 moneypunct 98536->98511 98537->98536 98539 e72c33 5 API calls 2 library calls 98537->98539 98539->98536 98540->98518 98544 f02098 98541->98544 98543 eee978 98543->98523 98545 f020a3 RtlFreeHeap 98544->98545 98549 f020cc _free 98544->98549 98546 f020b8 98545->98546 98545->98549 98547 eed73d __Wcscoll 12 API calls 98546->98547 98548 f020be GetLastError 98547->98548 98548->98549 98549->98543 98550->98113 98552 e7ba83 98551->98552 98553 e7bba2 98552->98553 98556 e7bb9d Concurrency::cancel_current_task 98552->98556 98558 e7bb64 98552->98558 98559 e7bb43 98552->98559 98564 e7baca _LStrxfrm 98552->98564 98712 e734d0 21 API calls collate 98553->98712 98555 e7bb50 98557 eed60f 25 API calls 98555->98557 98555->98564 98556->98553 98560 e7bbac 98557->98560 98563 ee8713 moneypunct 27 API calls 98558->98563 98558->98564 98559->98556 98561 e7bb4a 98559->98561 98562 ee8713 moneypunct 27 API calls 98561->98562 98562->98555 98563->98564 98564->98123 98566 e807cb _AnonymousOriginator 98565->98566 98567 eed60f 25 API calls 98566->98567 98568 e8083b _AnonymousOriginator __Mtx_destroy_in_situ 98566->98568 98569 e80884 98567->98569 98568->98125 98713 ed3bab 98569->98713 98572 e808e8 98575 e808f4 ConvertStringSecurityDescriptorToSecurityDescriptorW 98572->98575 98579 e80a51 codecvt 98572->98579 98573 e81045 98779 ed3faf 98573->98779 98577 e80fdb std::ios_base::_Ios_base_dtor __Mtx_unlock 98575->98577 98580 e80911 98575->98580 98576 e8104b 98578 eed60f 25 API calls 98576->98578 98581 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 98577->98581 98625 e80f65 98578->98625 98716 e83110 98579->98716 98583 e7f520 28 API calls 98580->98583 98584 e8103f 98581->98584 98586 e80991 98583->98586 98584->98125 98589 e7e640 87 API calls 98586->98589 98592 e809a4 98589->98592 98592->98576 98596 e809ec _AnonymousOriginator 98592->98596 98595 
e81087 98600 eea332 Concurrency::cancel_current_task RaiseException 98595->98600 98597 e80a1d 98596->98597 98598 e80a31 98596->98598 98597->98577 98601 e80a25 LocalFree 98597->98601 98598->98579 98602 e80a42 LocalFree 98598->98602 98603 e81098 98600->98603 98601->98577 98602->98579 98794 e728d1 27 API calls 3 library calls 98625->98794 98638 e82123 98637->98638 98639 e820f9 98637->98639 98638->98125 98639->98638 99052 ef4ef7 98639->99052 98642 ed3bab 13 API calls 98641->98642 98643 e808dd 98642->98643 98644 e808e8 98643->98644 98645 e81045 98643->98645 98647 e808f4 ConvertStringSecurityDescriptorToSecurityDescriptorW 98644->98647 98651 e80a51 codecvt 98644->98651 98646 ed3faf 79 API calls 98645->98646 98648 e8104b 98646->98648 98650 e80fdb std::ios_base::_Ios_base_dtor __Mtx_unlock 98647->98650 98652 e80911 98647->98652 98649 eed60f 25 API calls 98648->98649 98661 e80f65 98649->98661 98653 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 98650->98653 98654 e83110 107 API calls 98651->98654 98655 e7f520 28 API calls 98652->98655 98656 e8103f 98653->98656 98657 e80a84 98654->98657 98658 e80991 98655->98658 98656->98125 98659 e80fa9 98657->98659 98663 ee8713 moneypunct 27 API calls 98657->98663 98707 e80c43 _LStrxfrm 98657->98707 98662 e7e640 87 API calls 98658->98662 99089 e82b90 73 API calls _AnonymousOriginator 98659->99089 99090 e728d1 27 API calls 3 library calls 98661->99090 98668 e809a4 98662->98668 98665 e80ae1 codecvt 98663->98665 98677 ed3367 std::_Lockit::_Lockit 7 API calls 98665->98677 98666 e789b0 27 API calls 98671 e80d38 98666->98671 98667 e81087 98672 eea332 Concurrency::cancel_current_task RaiseException 98667->98672 98668->98648 98673 e809ec _AnonymousOriginator 98668->98673 98669 e80a1d 98669->98650 98674 e80a25 LocalFree 98669->98674 98670 e80a31 98670->98651 98675 e80a42 LocalFree 98670->98675 98678 e72c9c 5 API calls 98671->98678 98684 e80d68 98671->98684 98676 e81098 98672->98676 98673->98669 98673->98670 98674->98650 98675->98651 
98680 e80b0d 98677->98680 98678->98684 98679 e72c9c 5 API calls 98681 e80e1f 98679->98681 99083 ed3184 77 API calls 2 library calls 98680->99083 98690 e80e6e 98681->98690 98708 e82310 70 API calls 98681->98708 98683 e80b55 99084 ed33f6 48 API calls 3 library calls 98683->99084 98684->98659 98684->98661 98684->98679 98686 e80b61 99085 e73128 77 API calls 3 library calls 98686->99085 98688 e80b8b 98689 ed3084 std::locale::_Init 57 API calls 98688->98689 98692 e80b9c 98689->98692 98690->98659 98691 e83030 73 API calls 98690->98691 98694 e80f29 98691->98694 98693 e80be6 98692->98693 98695 ed3367 std::_Lockit::_Lockit 7 API calls 98692->98695 99086 ed5688 84 API calls 8 library calls 98693->99086 98694->98661 98697 e80f78 98694->98697 98698 e80bc5 98695->98698 99087 e7e790 34 API calls 2 library calls 98697->99087 98701 ed33bf std::_Lockit::~_Lockit 2 API calls 98698->98701 98699 e80bf7 98703 e80c1e 98699->98703 98705 eee960 std::_Locinfo::_Getmonths 14 API calls 98699->98705 98699->98707 98701->98693 98702 e80f9f 99088 e81740 28 API calls 98702->99088 98706 ef594f _Yarn 15 API calls 98703->98706 98705->98703 98706->98707 98707->98666 98708->98690 99091 e7cc80 98709->99091 98711 e7cd2f _AnonymousOriginator 98711->98121 98795 ed394b 98713->98795 98815 e7be30 98716->98815 98783 ed3fba 98779->98783 98780 ef41c9 99048 f04be4 EnterCriticalSection LeaveCriticalSection __CreateFrameInfo 98780->99048 98782 ed3fcd 99047 ed3fdc 78 API calls Concurrency::cancel_current_task 98782->99047 98783->98780 98783->98782 98785 ef41ce 98786 ef41d9 98785->98786 99049 f04c32 48 API calls 7 library calls 98785->99049 98788 ef4202 98786->98788 98789 ef41e3 IsProcessorFeaturePresent 98786->98789 99051 efe9c0 23 API calls __CreateFrameInfo 98788->99051 98790 ef41ef 98789->98790 99050 eed453 8 API calls 3 library calls 98790->99050 98792 ef420c 98794->98595 98796 ed39a1 98795->98796 98797 ed3973 GetCurrentThreadId 98795->98797 98798 ed3a05 98796->98798 98799 ed39a5 GetCurrentThreadId 98796->98799 
98800 ed397e GetCurrentThreadId 98797->98800 98801 ed3999 98797->98801 98802 ed3a9e GetCurrentThreadId 98798->98802 98805 ed3a25 98798->98805 98809 ed39b0 98799->98809 98800->98801 98804 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 98801->98804 98802->98809 98803 ed3ad5 GetCurrentThreadId 98803->98801 98807 e808dd 98804->98807 98813 ed3cfd GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 98805->98813 98807->98572 98807->98573 98809->98801 98809->98803 98810 ed3a55 GetCurrentThreadId 98810->98809 98811 ed3a30 __Xtime_diff_to_millis2 98810->98811 98811->98801 98811->98809 98811->98810 98814 ed3cfd GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 98811->98814 98813->98811 98814->98811 98841 e7c0c0 98815->98841 98820 e7be6f 98822 e7be7c 98820->98822 98850 ed2bab 9 API calls 2 library calls 98820->98850 98823 e7be86 98851 e728d1 27 API calls 3 library calls 98823->98851 98842 ee8713 moneypunct 27 API calls 98841->98842 98843 e7c13a 98842->98843 98844 ed3084 std::locale::_Init 57 API calls 98843->98844 98845 e7be3b 98844->98845 98846 e7bff0 98845->98846 98847 e7c02e 98846->98847 98852 e732de 98847->98852 98850->98822 98853 e732ea __EH_prolog3_GS 98852->98853 98854 ed3367 std::_Lockit::_Lockit 7 API calls 98853->98854 98855 e732f7 98854->98855 98872 e72d14 14 API calls 3 library calls 98855->98872 98857 e7330e std::locale::_Locimp::_Makeushloc 98869 e73320 98857->98869 98873 e731d9 80 API calls 4 library calls 98857->98873 98858 ed33bf std::_Lockit::~_Lockit 2 API calls 98860 e73365 98858->98860 98875 ee8def 5 API calls __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 98860->98875 98861 e7332e 98863 e73335 98861->98863 98864 e7336d 98861->98864 98874 ed3052 27 API calls moneypunct 98863->98874 98876 e73268 RaiseException Concurrency::cancel_current_task _AnonymousOriginator 98864->98876 98868 e73372 98877 ed32da LCMapStringEx ___crtLCMapStringW 98868->98877 98869->98858 98871 e7338d 
98871->98820 98871->98823 98872->98857 98873->98861 98874->98869 98876->98868 98877->98871 99047->98782 99048->98785 99049->98786 99050->98788 99051->98792 99053 ef4f09 99052->99053 99056 ef4f12 ___scrt_uninitialize_crt 99052->99056 99068 ef4d9c 72 API calls ___scrt_uninitialize_crt 99053->99068 99055 ef4f0f 99055->98638 99057 ef4f23 99056->99057 99060 ef4d3c 99056->99060 99057->98638 99061 ef4d48 __FrameHandler3::FrameUnwindToState 99060->99061 99069 ef582c EnterCriticalSection 99061->99069 99063 ef4d56 99070 ef4ea6 99063->99070 99067 ef4d79 99067->98638 99068->99055 99069->99063 99071 ef4ebc 99070->99071 99072 ef4eb3 99070->99072 99074 ef4e41 ___scrt_uninitialize_crt 68 API calls 99071->99074 99081 ef4d9c 72 API calls ___scrt_uninitialize_crt 99072->99081 99076 ef4ec2 99074->99076 99075 ef4d67 99080 ef4d90 LeaveCriticalSection ___scrt_uninitialize_crt 99075->99080 99076->99075 99077 f02e1c __CreateFrameInfo 14 API calls 99076->99077 99078 ef4ed8 99077->99078 99082 f056f0 18 API calls 2 library calls 99078->99082 99080->99067 99081->99075 99082->99075 99083->98683 99084->98686 99085->98688 99086->98699 99087->98702 99089->98650 99090->98667 99092 e7cccb _AnonymousOriginator 99091->99092 99093 e7cc89 99091->99093 99092->98711 99093->99092 99094 eed60f 25 API calls 99093->99094 99095 e7cd1f 99094->99095 99096 e7cc80 25 API calls 99095->99096 99097 e7cd2f _AnonymousOriginator 99096->99097 99097->98711 99098->98140 99099 e829e0 99100 e82a00 99099->99100 99101 e82a15 99099->99101 99102 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 99100->99102 99104 e82a2b 99101->99104 99113 e82a54 99101->99113 99103 e82a0f 99102->99103 99106 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 99104->99106 99105 e82b4c 99107 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 99105->99107 99108 e82a4e 99106->99108 99109 e82b60 99107->99109 99111 e82ae0 99111->99105 99112 e82af0 99111->99112 99115 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 
API calls 99112->99115 99113->99105 99114 e82b07 99113->99114 99118 e82a86 99113->99118 99117 e82b1f 99114->99117 99119 ef569d 70 API calls 99114->99119 99116 e82b01 99115->99116 99117->99105 99120 e82b34 99117->99120 99118->99105 99123 ef4762 52 API calls 3 library calls 99118->99123 99119->99117 99121 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 99120->99121 99122 e82b46 99121->99122 99123->99111 99124 f061fa 99125 f06206 __FrameHandler3::FrameUnwindToState 99124->99125 99126 f06223 99125->99126 99127 f0620c 99125->99127 99135 ef582c EnterCriticalSection 99126->99135 99129 eed73d __Wcscoll 14 API calls 99127->99129 99133 f06211 99129->99133 99130 f06233 99136 f0627a 99130->99136 99132 f0623f 99155 f06270 LeaveCriticalSection ___scrt_uninitialize_crt 99132->99155 99135->99130 99137 f06288 99136->99137 99138 f0629f 99136->99138 99139 eed73d __Wcscoll 14 API calls 99137->99139 99140 f02e1c __CreateFrameInfo 14 API calls 99138->99140 99142 f0628d 99139->99142 99141 f062a9 99140->99141 99143 f06972 18 API calls 99141->99143 99142->99132 99144 f062c4 99143->99144 99145 f06337 99144->99145 99146 f0638c 99144->99146 99152 f062ee __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 99144->99152 99149 f06351 99145->99149 99150 f06365 99145->99150 99147 f0639a 99146->99147 99146->99150 99148 eed73d __Wcscoll 14 API calls 99147->99148 99148->99152 99156 f065bd 24 API calls 4 library calls 99149->99156 99150->99152 99157 f063fe 18 API calls 2 library calls 99150->99157 99152->99132 99153 f0635d 99153->99152 99155->99133 99156->99153 99157->99152 99158 ed14c6 99159 ed14d0 99158->99159 99160 ed293c ___delayLoadHelper2@8 16 API calls 99159->99160 99161 ed14dd 99160->99161 99162 ee8aa2 99163 ee8aae __FrameHandler3::FrameUnwindToState 99162->99163 99190 ee83f9 99163->99190 99165 ee8ab5 99166 ee8c08 99165->99166 99174 ee8adf ___scrt_is_nonwritable_in_current_image __CreateFrameInfo ___scrt_release_startup_lock 99165->99174 99209 ee93f2 4 API calls 2 library calls 
99166->99209 99168 ee8c0f 99202 efe9fc 99168->99202 99172 ee8c1d 99173 ee8afe 99174->99173 99175 ee8b80 99174->99175 99178 ee8b78 99174->99178 99198 ee950d GetStartupInfoW codecvt 99175->99198 99177 ee8b85 99199 e759aa 99177->99199 99205 efc768 54 API calls 3 library calls 99178->99205 99180 ee8b7f 99180->99175 99184 ee8ba1 99184->99168 99185 ee8ba5 99184->99185 99186 ee8bae 99185->99186 99207 efe9b1 23 API calls __CreateFrameInfo 99185->99207 99208 ee856a 79 API calls ___scrt_uninitialize_crt 99186->99208 99189 ee8bb6 99189->99173 99191 ee8402 99190->99191 99211 ee9215 IsProcessorFeaturePresent 99191->99211 99193 ee840e 99212 eebd89 10 API calls 2 library calls 99193->99212 99195 ee8413 99196 ee8417 99195->99196 99213 eebda8 7 API calls 2 library calls 99195->99213 99196->99165 99198->99177 99214 e74e1f 99199->99214 103124 efe89a 99202->103124 99205->99180 99206 ee9543 GetModuleHandleW 99206->99184 99207->99186 99208->99189 99209->99168 99210 efe9c0 23 API calls __CreateFrameInfo 99210->99172 99211->99193 99212->99195 99213->99196 99457 e9d6d0 GetModuleHandleW 99214->99457 99216 e74e6c 99217 e74ec6 99216->99217 99219 e79bb0 125 API calls 99216->99219 99461 e74d63 99217->99461 99221 e74e7a 99219->99221 99224 e79940 171 API calls 99221->99224 99222 e74ee0 99225 e79bb0 125 API calls 99222->99225 99223 e74f39 CoInitializeEx 99227 e74f48 99223->99227 99226 e74e8a 99224->99226 99230 e74ee5 99225->99230 99231 e71b84 84 API calls 99226->99231 99228 e74f56 99227->99228 99481 e75a4f 99227->99481 99232 ee8760 27 API calls 99228->99232 99233 e79940 171 API calls 99230->99233 99234 e74eab 99231->99234 99235 e74f78 99232->99235 99236 e74ef5 99233->99236 99237 e71be0 81 API calls 99234->99237 99518 e75d57 99235->99518 99238 e71b84 84 API calls 99236->99238 99239 e74ebb 99237->99239 99240 e74f16 99238->99240 99708 e7136c 99239->99708 99243 e71be0 81 API calls 99240->99243 99245 e74f26 99243->99245 99244 e74f91 99246 e74ff1 99244->99246 99247 e74f9b 99244->99247 99248 e7136c 170 
API calls 99245->99248 99249 ee8760 27 API calls 99246->99249 99250 e79bb0 125 API calls 99247->99250 99251 e74f31 99248->99251 99255 e75004 99249->99255 99252 e74fa0 99250->99252 99253 e758e3 CloseHandle 99251->99253 99254 e758ef 99251->99254 99256 e79940 171 API calls 99252->99256 99253->99254 99257 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 99254->99257 99522 e75db6 99255->99522 99258 e74fb0 99256->99258 99259 e7590c 99257->99259 99261 e71b84 84 API calls 99258->99261 99259->99206 99262 e74fd1 99261->99262 99264 e71be0 81 API calls 99262->99264 99263 e75020 99265 e7502e 99263->99265 99266 e7507b codecvt 99263->99266 99267 e74fe1 99264->99267 99268 e79bb0 125 API calls 99265->99268 99272 ee8760 27 API calls 99266->99272 99269 e7136c 170 API calls 99267->99269 99270 e75033 99268->99270 99278 e74fec 99269->99278 99271 e79940 171 API calls 99270->99271 99273 e75043 99271->99273 99274 e750c0 99272->99274 99275 e71b84 84 API calls 99273->99275 99276 e750d6 99274->99276 99711 e86bd0 29 API calls 3 library calls 99274->99711 99277 e7505b 99275->99277 99526 e75e16 99276->99526 99282 e71be0 81 API calls 99277->99282 99707 e759c2 ReleaseMutex 99278->99707 99285 e7506b 99282->99285 99283 e758ce 99283->99251 99286 e758d4 CoUninitialize 99283->99286 99284 e750e7 99287 e750f2 99284->99287 99291 e75143 99284->99291 99288 e7136c 170 API calls 99285->99288 99286->99251 99289 e79bb0 125 API calls 99287->99289 99288->99278 99290 e750f7 99289->99290 99292 e79940 171 API calls 99290->99292 99532 ea3670 99291->99532 99294 e75107 99292->99294 99296 e71b84 84 API calls 99294->99296 99299 e75123 99296->99299 99297 e751f7 CommandLineToArgvW 99308 e75235 99297->99308 99309 e75284 codecvt 99297->99309 99298 e751ab 99300 e79bb0 125 API calls 99298->99300 99301 e71be0 81 API calls 99299->99301 99303 e75133 99301->99303 99458 e9d6fd 99457->99458 99459 e9d6df GetProcAddress 99457->99459 99458->99216 99459->99458 99460 e9d6ef 99459->99460 99460->99216 99729 e74c8e 
GetCurrentProcessId 99461->99729 99464 e74d7f CreateMutexW 99466 e74df4 WaitForSingleObject 99464->99466 99467 e74d92 99464->99467 99465 e74df0 99465->99222 99465->99223 99466->99465 99469 e74e06 99466->99469 99468 e79bb0 125 API calls 99467->99468 99471 e74d97 99468->99471 99469->99465 99470 e74e0b CloseHandle 99469->99470 99470->99465 99472 e79940 171 API calls 99471->99472 99473 e74da5 99472->99473 99474 e71b84 84 API calls 99473->99474 99475 e74dc2 99474->99475 99476 e71be0 81 API calls 99475->99476 99477 e74dd0 GetLastError 99476->99477 99478 e76140 80 API calls 99477->99478 99479 e74de7 99478->99479 99480 e7136c 170 API calls 99479->99480 99480->99465 99482 e75a5e __EH_prolog3_GS 99481->99482 99865 e75c1e 99482->99865 99485 e75a78 99486 e79bb0 125 API calls 99485->99486 99488 e75a7d 99486->99488 99487 e75b92 _com_issue_error 99489 e79940 171 API calls 99488->99489 99490 e75a8d 99489->99490 99492 e71b84 84 API calls 99490->99492 99491 e75acc 99491->99487 99493 e75af5 99491->99493 99494 e75b38 99491->99494 99495 e75aa9 99492->99495 99496 e79bb0 125 API calls 99493->99496 99498 e79bb0 125 API calls 99494->99498 99497 e71be0 81 API calls 99495->99497 99499 e75afa 99496->99499 99500 e75ab9 99497->99500 99501 e75b3d 99498->99501 99502 e79940 171 API calls 99499->99502 99872 e76300 80 API calls 99500->99872 99504 e79940 171 API calls 99501->99504 99506 e75b0a 99502->99506 99505 e75b4d 99504->99505 99508 e71b84 84 API calls 99505->99508 99509 e71b84 84 API calls 99506->99509 99507 e75ac7 99511 e7136c 170 API calls 99507->99511 99510 e75b69 99508->99510 99512 e75b26 99509->99512 99513 e71be0 81 API calls 99510->99513 99514 e75b84 99511->99514 99515 e71be0 81 API calls 99512->99515 99513->99507 99873 ee8def 5 API calls __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 99514->99873 99515->99500 99519 e75d63 __EH_prolog3 99518->99519 99520 ee8713 moneypunct 27 API calls 99519->99520 99521 e75d7c _AnonymousOriginator moneypunct 99520->99521 99521->99244 99523 e75dc2 __EH_prolog3 
99522->99523 99524 ee8713 moneypunct 27 API calls 99523->99524 99525 e75ddb moneypunct 99524->99525 99525->99263 99527 e75e22 __EH_prolog3 99526->99527 99528 ee8713 moneypunct 27 API calls 99527->99528 99529 e75e3b 99528->99529 99874 e75eee 99529->99874 99531 e75e6c moneypunct 99531->99284 99533 ea36ae 99532->99533 99534 ea3977 99533->99534 99879 e86d24 99533->99879 99540 ea39df 99534->99540 100053 ea8650 99534->100053 99536 ea3750 99536->99534 99537 ee8713 moneypunct 27 API calls 99536->99537 99538 ea375f 99537->99538 99541 ea3799 99538->99541 100046 ea8ba0 27 API calls moneypunct 99538->100046 99542 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 99540->99542 99544 e751a7 99542->99544 99544->99297 99544->99298 99707->99283 99709 e7b8a0 170 API calls 99708->99709 99710 e7139a std::ios_base::_Ios_base_dtor 99709->99710 99710->99217 99711->99276 99730 e74cb0 CreateToolhelp32Snapshot 99729->99730 99731 e74cc5 Process32FirstW 99730->99731 99739 e74cdd 99730->99739 99731->99739 99732 e74d44 99735 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 99732->99735 99733 e74ce3 Process32NextW 99733->99739 99737 e74d58 99735->99737 99736 e74cf9 CloseHandle 99736->99739 99737->99464 99737->99465 99739->99730 99739->99732 99739->99733 99739->99736 99740 e73899 5 API calls 99739->99740 99741 e84590 99739->99741 99752 ef2041 99739->99752 99740->99739 99760 e84760 99741->99760 99744 ee8367 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 99747 e8468c 99744->99747 99745 e84693 99748 eed60f 25 API calls 99745->99748 99746 e84650 _AnonymousOriginator 99746->99744 99747->99739 99749 e84698 99748->99749 99750 e846b3 99749->99750 99751 e846ac CloseHandle 99749->99751 99750->99739 99751->99750 99753 ef204f 99752->99753 99754 ef2072 99752->99754 99753->99754 99755 ef2055 99753->99755 99864 ef208d 49 API calls 3 library calls 99754->99864 99757 eed73d __Wcscoll 14 API calls 99755->99757 99759 ef205a 99757->99759 99758 ef2088 99758->99739 99759->99739 99771 

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00EE88FA: EnterCriticalSection.KERNEL32(00F6742C,?,?,?,00E8402B,00F6827C,D49C76F0,?,00E81171,?), ref: 00EE8905
                                                                                                                                                                                                              • Part of subcall function 00EE88FA: LeaveCriticalSection.KERNEL32(00F6742C,?,?,?,00E8402B,00F6827C,D49C76F0,?,00E81171,?), ref: 00EE8942
                                                                                                                                                                                                              • Part of subcall function 00E94A40: _com_issue_error.COMSUPP ref: 00E94AD2
                                                                                                                                                                                                              • Part of subcall function 00E94A40: SysFreeString.OLEAUT32(-00000001), ref: 00E94AFD
                                                                                                                                                                                                              • Part of subcall function 00E961F0: Concurrency::cancel_current_task.LIBCPMT ref: 00E962BF
                                                                                                                                                                                                              • Part of subcall function 00EE88B0: EnterCriticalSection.KERNEL32(00F6742C,?,?,00E84086,00F6827C,00F268E0,?), ref: 00EE88BA
                                                                                                                                                                                                              • Part of subcall function 00EE88B0: LeaveCriticalSection.KERNEL32(00F6742C,?,?,00E84086,00F6827C,00F268E0,?), ref: 00EE88ED
                                                                                                                                                                                                              • Part of subcall function 00EE88B0: RtlWakeAllConditionVariable.NTDLL ref: 00EE8964
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,D49C76F0,?,?), ref: 00E957B4
                                                                                                                                                                                                            • FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 00E957C5
                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 00E957D1
                                                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 00E957DC
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E96067
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E96085
                                                                                                                                                                                                            • SysFreeString.OLEAUT32 ref: 00E9610F
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E9615A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$Concurrency::cancel_current_taskFreeResourceString$EnterLeave$ConditionFindHandleLoadLockModuleVariableWake_com_issue_error
                                                                                                                                                                                                            • String ID: (error)$)$0.0.0.0$4.1.1.865$EstimatedRunTime$Failed to convert wuuid to string$IsWow64Process$NO_REGKEY$PCSystemTypeEx$PowerState$PredictFailure$Root\CIMV2$Time$UUID$UUID$Version$ery)$kState$kernel32$kernel32.dll$orm$root\wmi$select EstimatedRunTime from Win32_Battery$select PCSystemTypeEx from Win32_ComputerSystem$select PowerState from Win32_ComputerSystem$select PredictFailure from MSStorageDriver_FailurePredictStatus$t
                                                                                                                                                                                                            • API String ID: 2830066208-329860846
                                                                                                                                                                                                            • Opcode ID: 19a649d24d24607b9e1ed240c280fa3d877d109434927eef68e013f03385c822
                                                                                                                                                                                                            • Instruction ID: 52c9ee64ade5b2c8341cbc35c0bf1320df9a2a6a6b002c8779fc3c1cf6397f6c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 19a649d24d24607b9e1ed240c280fa3d877d109434927eef68e013f03385c822
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 538211709003888BEF24DFA4DC497AEBBB1AF55304F20421DE458BB3D2DBB49A85DB51
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::locale::_Init.LIBCPMT ref: 00EA3CE8
                                                                                                                                                                                                              • Part of subcall function 00ED3084: __EH_prolog3.LIBCMT ref: 00ED308B
                                                                                                                                                                                                              • Part of subcall function 00ED3084: std::_Lockit::_Lockit.LIBCPMT ref: 00ED3096
                                                                                                                                                                                                              • Part of subcall function 00ED3084: std::locale::_Setgloballocale.LIBCPMT ref: 00ED30B1
                                                                                                                                                                                                              • Part of subcall function 00ED3084: std::_Lockit::~_Lockit.LIBCPMT ref: 00ED3107
                                                                                                                                                                                                            • std::locale::_Init.LIBCPMT ref: 00EA4934
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00EA4CD5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::locale::_$InitLockitstd::_$H_prolog3Ios_base_dtorLockit::_Lockit::~_Setgloballocalestd::ios_base::_
                                                                                                                                                                                                            • String ID: 2$Command "%s" failed$Couldn't find the ReturnCode attribute of EXIT command$EXIT$EXIT_UPDATE$EXIT_XML$Exit update command triggered. Exiting...$Malformed XML, no UPDATEARRAY element$NWebAdvisor::NXmlUpdater::CUpdater::Process$NWebAdvisor::NXmlUpdater::Hound::End$NWebAdvisor::NXmlUpdater::Hound::ExitResult$NWebAdvisor::NXmlUpdater::Hound::Start$PRECONDITION$PRECONDITIONARRAY$Precondition "%s" evaluated to false$Precondition "%s" evaluated to true$ReturnCode$TAG$UPDATE$UPDATEARRAY$UPDATECOMMANDS$Unable to convert ReturnCode into int$Unable to substitute the return code$XML precondition array returned false due to sniffer actions$XML precondition array returned true due to sniffer actions$XML precondition array with tag %s returned false$XML precondition array with tag %s returned false due to sniffer actions$XML precondition array with tag %s returned true due to sniffer actions$XML precondition failed - no Type specified$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.h$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\xmlUpdater.cpp$false$true$unknown
                                                                                                                                                                                                            • API String ID: 3544396713-2181764886
                                                                                                                                                                                                            • Opcode ID: de0b4b536e88d33ca91c252901e5865dd62233905ea762ec3443c7bc174f97b9
                                                                                                                                                                                                            • Instruction ID: ac3aa6819db570810c4e66f9e7290ee646924d2b10cb4d20d1f8e373b75d29a0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: de0b4b536e88d33ca91c252901e5865dd62233905ea762ec3443c7bc174f97b9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4137AB1D002289BDF24DF64C889BDDBBB4AF49314F1491D9E409BB291DB74AE84CF91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8F268
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8F307
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8F37E
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8F8B0
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8FBBD
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8FDB6
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E900BA
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E9015F
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 00E905D7
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E90614
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 00E9086A
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E908A7
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001,0000018F,00000000,X-Api-Key: ,0000000B,00000000,00000000,?,?,00000004), ref: 00E90A90
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E90ACD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Querying AdhocTelemetryAWS value failed: , xrefs: 00E8F217
                                                                                                                                                                                                            • HTTP send request failed for AWS: , xrefs: 00E9085A
                                                                                                                                                                                                            • NO_REGVALUE, xrefs: 00E8F54F
                                                                                                                                                                                                            • AWS Adhoc Telemetry Payload = , xrefs: 00E8FB62
                                                                                                                                                                                                            • HTTP status error for AWS: , xrefs: 00E9011E
                                                                                                                                                                                                            • HTTP receive response failed for AWS: , xrefs: 00E905C7
                                                                                                                                                                                                            • AdhocTelemetryAWS, xrefs: 00E8F1B6
                                                                                                                                                                                                            • Failed to convert the x_api_key string to wide, xrefs: 00E8FD8F
                                                                                                                                                                                                            • SOFTWARE\McAfee\WebAdvisor, xrefs: 00E8F181
                                                                                                                                                                                                            • AWS Response Code received , xrefs: 00E90079
                                                                                                                                                                                                            • X-Api-Key: , xrefs: 00E8FF28
                                                                                                                                                                                                            • Failed to initialize buffer for AWS, xrefs: 00E8F889
                                                                                                                                                                                                            • 0Ywx4MUvRidmWf74nsIlBPIxJYIG9Nf0lSnge8SvgvY3RVy4E6gFLp3VDBcDO830QhXvfpgCb55sRtnVqKb2zUO3Vq7ko1b, xrefs: 00E8F5B7, 00E8F656
                                                                                                                                                                                                            • HTTP open request failed for AWS: , xrefs: 00E90DB8
                                                                                                                                                                                                            • HTTP add request header failed for AWS x_api_key: , xrefs: 00E90A80
                                                                                                                                                                                                            • HTTP connection failed for AWS: , xrefs: 00E90EBA
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$ErrorLast$InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                            • String ID: 0Ywx4MUvRidmWf74nsIlBPIxJYIG9Nf0lSnge8SvgvY3RVy4E6gFLp3VDBcDO830QhXvfpgCb55sRtnVqKb2zUO3Vq7ko1b$AWS Adhoc Telemetry Payload = $AWS Response Code received $AdhocTelemetryAWS$Failed to convert the x_api_key string to wide$Failed to initialize buffer for AWS$HTTP add request header failed for AWS x_api_key: $HTTP connection failed for AWS: $HTTP open request failed for AWS: $HTTP receive response failed for AWS: $HTTP send request failed for AWS: $HTTP status error for AWS: $NO_REGVALUE$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor$X-Api-Key:
                                                                                                                                                                                                            • API String ID: 1658547907-2938340177
                                                                                                                                                                                                            • Opcode ID: f42c5d0aa921f67ef83b0516eaf7dcce0d9e2e6c6a4d25d209de3d8111906630
                                                                                                                                                                                                            • Instruction ID: 73a1289dbd4bd0b46837da6f6f66864b9612dc939e02ca86c080fbc6faed976d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f42c5d0aa921f67ef83b0516eaf7dcce0d9e2e6c6a4d25d209de3d8111906630
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8EF29C70A002689BDF24EB24CD89BDDB7B5AF85304F5092E8E44DB7292DB759AC4CF50

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00E858AA
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00E858B4
                                                                                                                                                                                                            • CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 00E8593A
                                                                                                                                                                                                            • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 00E8595C
                                                                                                                                                                                                            • CreateFileW.KERNEL32(\\.\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 00E85991
                                                                                                                                                                                                            • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 00E859B5
                                                                                                                                                                                                            • CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 00E859D9
                                                                                                                                                                                                            • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 00E859FD
                                                                                                                                                                                                            • UuidCreate.RPCRT4(00000000), ref: 00E85A41
                                                                                                                                                                                                            • UuidCreate.RPCRT4(00000000), ref: 00E85A57
                                                                                                                                                                                                            • CryptAcquireContextW.ADVAPI32(?), ref: 00E85D0E
                                                                                                                                                                                                            • CryptCreateHash.ADVAPI32(00000010,00008003,00000000,00000000,?), ref: 00E85D2A
                                                                                                                                                                                                            • CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 00E85D43
                                                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 00E85D5F
                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(?), ref: 00E85D6E
                                                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00E85D7F
                                                                                                                                                                                                            • CryptAcquireContextW.ADVAPI32(?), ref: 00E85F87
                                                                                                                                                                                                            • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,?), ref: 00E85FA3
                                                                                                                                                                                                            • CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 00E85FBC
                                                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 00E85FD8
                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(?), ref: 00E85FE7
                                                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00E85FF8
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Crypt$Create$Hash$File$Context$AcquireCurrentDataDestroyParamReleaseUuid$ProcessThread
                                                                                                                                                                                                            • String ID: AacControl$AacControl2$AacControl3$AacControl4$AacControl5$AacControl6$Created access handle %p$\\.\Global\WGUARDNT$\\.\WGUARDNT$accesslib policy %x:%x$al delete policy on terminate process 0x%x (%d) rule$al disable rules on terminate thread 0x%x (%d) rule
                                                                                                                                                                                                            • API String ID: 4128897270-3926088020
                                                                                                                                                                                                            • Opcode ID: 6d1f3f5bfb18beeb226dca2b76f0d6ca803e70ec581c8f555d65647a241b8dc8
                                                                                                                                                                                                            • Instruction ID: 02e7debd80efa75720a0db6fad6e11b49a8ad81a4a4fc06f826b6d818701db5d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6d1f3f5bfb18beeb226dca2b76f0d6ca803e70ec581c8f555d65647a241b8dc8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F5257357053049FDB24DF24C894B2EBBE6BB88714F250559FA4AA7391CB74ED029F82
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCreateKeyExW.KERNEL32(80000002,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,-00000028,?,?,-00000028,00000000,?), ref: 00EC1932
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000028,?), ref: 00EC1DAD
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,?,?,-00000028,?,?,-00000028,00000000,?), ref: 00EC1DD3
                                                                                                                                                                                                            • std::locale::_Init.LIBCPMT ref: 00EC20C4
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Close$CreateInitstd::locale::_
                                                                                                                                                                                                            • String ID: to $(Default)$BIN$DWORD$Error (%d) creating registry key: %s$Error (%d) setting value (%s) under registry key: %s$Key$NUM$NWebAdvisor::NXmlUpdater::CSetVariableCommand::Execute$NWebAdvisor::NXmlUpdater::SetRegistryKey$QWORD$STR$Setting variable $Unable to convert %s to hex$Unable to read key or value attribute of SETVAR command$Unable to set the variable$Unable to substitute variables for the SETVAR command$Unknown registry key type: %s$Value$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\RegistryCommand.cpp$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SetVariableCommand.cpp$invalid stoul argument$invalid stoull argument$invalid substitutor$memcpy_s failed in NWebAdvisor::NXmlUpdater::SetRegistryKey$stoul argument out of range$stoull argument out of range
                                                                                                                                                                                                            • API String ID: 3662814871-412574832
                                                                                                                                                                                                            • Opcode ID: a94ca5bc12b2e3405d84b6a05b7f4ab2017219c5a5c28a1303752ef393dae345
                                                                                                                                                                                                            • Instruction ID: a04392c9d84511db8028c71c66883899c769fe99d7a6e5d924d159a1e7866422
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a94ca5bc12b2e3405d84b6a05b7f4ab2017219c5a5c28a1303752ef393dae345
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A52BF70A00308DBEB20DF54CD45F9EB7B5AF05714F1451ADE8097B282E776AA46CFA2

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CryptQueryObject.CRYPT32(00000001, %,00000400,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00ED1815
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00ED1827
                                                                                                                                                                                                              • Part of subcall function 00ED14F0: CryptMsgGetParam.CRYPT32(?,00000005,00000000,?,?), ref: 00ED1581
                                                                                                                                                                                                              • Part of subcall function 00ED14F0: CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 00ED15B2
                                                                                                                                                                                                              • Part of subcall function 00ED14F0: CryptMsgGetParam.CRYPT32(?,00000006,?,00000000,?), ref: 00ED15DD
                                                                                                                                                                                                              • Part of subcall function 00ED14F0: CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 00ED1625
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00ED1837
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00ED18C0
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00ED18D0
                                                                                                                                                                                                            • CryptQueryObject.CRYPT32(00000002,?,00003FFE,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00ED19CD
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00ED19DF
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00ED19F1
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00ED1A1D
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00ED1A29
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00ED1A63
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00ED1A75
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00ED1AA1
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00ED1AAD
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00ED1ACD
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00ED1AD9
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00ED1B50
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00ED1B5C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Close$Crypt$CertStore$Param$ObjectQuery$CertificateFromSubject
                                                                                                                                                                                                            • String ID: %
                                                                                                                                                                                                            • API String ID: 2648890560-3829165518
                                                                                                                                                                                                            • Opcode ID: e4d319192e439e8ff57ce1dcca8f4f841cf742e0ed7e86461e042d41f9576af1
                                                                                                                                                                                                            • Instruction ID: 79b87296c207776a3cb65ecd899f77ae163c8ecb119aa2277107ecc4822ff289
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e4d319192e439e8ff57ce1dcca8f4f841cf742e0ed7e86461e042d41f9576af1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DCC10871E00249AAEF10CFA9CD85BEEBBF9EF04704F14556AE505F7280EB759905CBA0

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
control_flow_graph: function at ebffe0 (node and edge listing omitted); API calls named in the graph nodes: CreateProcessW, GetLastError, WaitForSingleObject, GetExitCodeProcess, DeleteFileW, CloseHandle
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: D$Failed to delete executable (%d)$Failed to get process exit code (%d)$NWebAdvisor::NXmlUpdater::CExecuteLocalCommand::ExecuteLocalCommand$Signature check failed for command %s$Unable to run %s, error (%d)$Wait for process failed for command %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExecuteLocalCommand.cpp$invalid substitutor
                                                                                                                                                                                                            • API String ID: 0-284121414
                                                                                                                                                                                                            • Opcode ID: bb2a36ab3f9344f8262dcb4dec990364dac545fbfab118fe73442f7152eacb63
                                                                                                                                                                                                            • Instruction ID: 4786f53b0d5bb74eef6318d175a5c3e6c096e5ee71c1fd58206776a440c818bc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: bb2a36ab3f9344f8262dcb4dec990364dac545fbfab118fe73442f7152eacb63
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FDE1BB30A01359DBDB24DF28CD49BAEB7B4AF48304F1052EDE409B7291EBB19A85CF51

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
control_flow_graph: function at e85110 (node and edge listing omitted); API calls named in the graph nodes: RegOpenKeyExW, RegQueryValueExW, RegCloseKey, SetLastError, GetLastError, OutputDebugStringW, LoadLibraryExW
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(80000002,Software\McAfee\SystemCore,00000000,00020219,?), ref: 00E85225
                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,szInstallDir32,00000000,?,?,?), ref: 00E85265
                                                                                                                                                                                                            • SetLastError.KERNEL32(0000006F,?,?,00F4A17C), ref: 00E852B6
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00E852C2
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E852F6
                                                                                                                                                                                                            • OutputDebugStringW.KERNEL32(NCPrivateLoadAndValidateMPTDll: Looking in current directory), ref: 00E853E3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x, xrefs: 00E856B7
                                                                                                                                                                                                            • %ls\%ls, xrefs: 00E85533
                                                                                                                                                                                                            • NCPrivateLoadAndValidateMPTDll: Looking in current directory, xrefs: 00E853DE
                                                                                                                                                                                                            • szInstallDir32, xrefs: 00E8525F
                                                                                                                                                                                                            • NCPrivateLoadAndValidateMPTDll: Looking in EXE directory, xrefs: 00E8549C
                                                                                                                                                                                                            • Software\McAfee\SystemCore, xrefs: 00E8521B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$CloseDebugOpenOutputQueryStringValue
                                                                                                                                                                                                            • String ID: %ls\%ls$NCPrivateLoadAndValidateMPTDll: Looking in EXE directory$NCPrivateLoadAndValidateMPTDll: Looking in current directory$NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x$Software\McAfee\SystemCore$szInstallDir32
                                                                                                                                                                                                            • API String ID: 1760606849-3767168787
                                                                                                                                                                                                            • Opcode ID: 208e80ad81dd0c3a2a8cf4e54d2b4582538388c4d8355646cd1b160607409f07
                                                                                                                                                                                                            • Instruction ID: 65a685e5144b3e6910f6de9997691dcee67324ebd6e3a6d6a7cac55b2ddd6655
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 208e80ad81dd0c3a2a8cf4e54d2b4582538388c4d8355646cd1b160607409f07
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A02BFB2E006199FDB24EB64CC45BAEB7B5BF04304F1491AAE40DB7281EB719E44CF91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E94B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E9521E
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E87D3D
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E87DFC
                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E87DC8
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E87EBB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to add reserved 1 dimension (, xrefs: 00E8769E
                                                                                                                                                                                                            • Failed to add event action (, xrefs: 00E87379
                                                                                                                                                                                                            • Failed to add reserved 3 dimension (, xrefs: 00E879CD
                                                                                                                                                                                                            • Service has not been initialized, xrefs: 00E87E88
                                                                                                                                                                                                            • Failed to add event label (, xrefs: 00E87508
                                                                                                                                                                                                            • u, xrefs: 00E87B57
                                                                                                                                                                                                            • z, xrefs: 00E87CF1
                                                                                                                                                                                                            • Failed to add event category (, xrefs: 00E871F0
                                                                                                                                                                                                            • Failed to add reserved 2 dimension (, xrefs: 00E87834
                                                                                                                                                                                                            • Failed to add reserved 4 dimension (, xrefs: 00E87B63
                                                                                                                                                                                                            • Failed to add reserved 5 dimension (, xrefs: 00E87CFD
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
                                                                                                                                                                                                            • String ID: Failed to add event action ($Failed to add event category ($Failed to add event label ($Failed to add reserved 1 dimension ($Failed to add reserved 2 dimension ($Failed to add reserved 3 dimension ($Failed to add reserved 4 dimension ($Failed to add reserved 5 dimension ($Service has not been initialized$u$z
                                                                                                                                                                                                            • API String ID: 342047005-3525645681
                                                                                                                                                                                                            • Opcode ID: b2a3d39ce77920424c7070b6775e87d984e6532f578a3bbcefa5fdab37762d85
                                                                                                                                                                                                            • Instruction ID: 4746079978690dc0302fbd874c74ab465c37ec5ef0ef155c5b9a8c26b673f853
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2a3d39ce77920424c7070b6775e87d984e6532f578a3bbcefa5fdab37762d85
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8282F470604244CFDF18EF24C895BEE7BA4EF45304F20519DE85DAB292EB75DA44CBA2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoCreateGuid.OLE32(?), ref: 00E88FC8
                                                                                                                                                                                                            • StringFromCLSID.OLE32(?,?), ref: 00E88FE0
                                                                                                                                                                                                            • CoTaskMemFree.OLE32(?), ref: 00E89138
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E89173
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E893D1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Could not create registry key , xrefs: 00E8923F
                                                                                                                                                                                                            • SOFTWARE\McAfee\WebAdvisor, xrefs: 00E891FB
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_taskCreateFreeFromGuidIos_base_dtorStringTaskstd::ios_base::_
                                                                                                                                                                                                            • String ID: Could not create registry key $SOFTWARE\McAfee\WebAdvisor
                                                                                                                                                                                                            • API String ID: 3741506170-3627174789
                                                                                                                                                                                                            • Opcode ID: 46a09701cb934ababea3f751679fd7e27af72cd1b4d04837e749333c36dfc6e4
                                                                                                                                                                                                            • Instruction ID: c25d5a8432fc7dabbbabe35b349ef3b960cfac66d51fad7fce31a2a3225c2842
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 46a09701cb934ababea3f751679fd7e27af72cd1b4d04837e749333c36dfc6e4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10811771A042099FDB14EF74DC49BAE77E8EF44314F24562DF91EA7282EB30A904CB91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(?,00000005,00000000,?,?), ref: 00ED1581
                                                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 00ED15B2
                                                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(?,00000006,?,00000000,?), ref: 00ED15DD
                                                                                                                                                                                                            • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 00ED1625
                                                                                                                                                                                                            • CertFreeCRLContext.CRYPT32(?), ref: 00ED175E
                                                                                                                                                                                                              • Part of subcall function 00EEE960: _free.LIBCMT ref: 00EEE973
                                                                                                                                                                                                            • CertFreeCRLContext.CRYPT32(?), ref: 00ED1738
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CertCryptParam$ContextFree$CertificateFromStoreSubject_free
                                                                                                                                                                                                            • String ID: %
                                                                                                                                                                                                            • API String ID: 4059466977-3829165518
                                                                                                                                                                                                            • Opcode ID: 7a66c2bb389c7c57810a0c3f40c49aa976573389e85a1d8ed509f32410d8ec37
                                                                                                                                                                                                            • Instruction ID: 0d4adcee2934be6cfe3e752574f9e7bbcc628b97e86bddaf22e179f28a252ee0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7a66c2bb389c7c57810a0c3f40c49aa976573389e85a1d8ed509f32410d8ec37
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB814671900248EFDF20CF64D940BEEBBB8EF0A344F14519AE925B7352D771AA05DBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00E74CA6
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00E74CB8
                                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 00E74CD3
                                                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,0000022C), ref: 00E74CE9
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00E74CFA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Process32$CloseCreateCurrentFirstHandleNextProcessSnapshotToolhelp32
                                                                                                                                                                                                            • String ID: saBSI.exe
                                                                                                                                                                                                            • API String ID: 592884611-3955546181
                                                                                                                                                                                                            • Opcode ID: 768ce63eb8106e238a712ce6d7632dd241cce171dd5f0f0aed14e6cb9a8c7a31
                                                                                                                                                                                                            • Instruction ID: 0f378636461ad8f4c4ac37af07af35ce84c464df4a77af0aeb12cbee21e8dd78
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 768ce63eb8106e238a712ce6d7632dd241cce171dd5f0f0aed14e6cb9a8c7a31
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0212BB21053049FD331EB24EC49AAFB7D4EB85324F255628FE59E71E0E73089069693
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000,D49C76F0), ref: 00E84FB5
                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00E84FDF
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E84FF2
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E8500B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentDirectoryErrorLast
                                                                                                                                                                                                            • String ID: %ls\%ls
                                                                                                                                                                                                            • API String ID: 152501406-2125769799
                                                                                                                                                                                                            • Opcode ID: c3f632d305a26569c24604e7621ddd680d97ea73b8e370fd7ef8d9a103b9316e
                                                                                                                                                                                                            • Instruction ID: 6c6500244054cba1f742f9b372bf167cf0371556c7b327f48de870e8aab0562d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c3f632d305a26569c24604e7621ddd680d97ea73b8e370fd7ef8d9a103b9316e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 26419672E006199BDB24DF65DC457AFBAB9AB44700F24513AE40EE7281EE71D9048B91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?,00EFE8FD,00000002,00000002,?,00000002), ref: 00EFE920
                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00EFE8FD,00000002,00000002,?,00000002), ref: 00EFE927
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00EFE939
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                            • Opcode ID: 1c18dd91a971e3944747a47bc97c9b9ce5b28ac8506def6e553245c18dd03430
                                                                                                                                                                                                            • Instruction ID: 149bc271e239204409178259041c6501f12939eaa6c16e9db5bb37e88b60b5ea
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c18dd91a971e3944747a47bc97c9b9ce5b28ac8506def6e553245c18dd03430
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75E0463140024CEFCF216F24DD08A683B6AFB84341B149454FA099A231CBB5FD42EA61
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoCreateInstance.OLE32(00F3D808,00000000,00000017,00F4B024,00000000,D49C76F0,?,?,?,00000000,00000000,00000000,00F18687,000000FF), ref: 00E75C7A
                                                                                                                                                                                                            • OleRun.OLE32(00000000), ref: 00E75C89
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateInstance
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 542301482-0
                                                                                                                                                                                                            • Opcode ID: 82b1ecbb26190c707c0c170943f55268875d7d3e96dac64dc5f6699a9b76ecc4
                                                                                                                                                                                                            • Instruction ID: d92747ab807e9fd8c22182988a45749853e4ebf9004f2526ae96fbb5469f74c7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 82b1ecbb26190c707c0c170943f55268875d7d3e96dac64dc5f6699a9b76ecc4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29218E76A00618AFC715CB58CC45F6EBBB9EB88B21F244169E509A7390DB74AD019A50

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E9D6D0: GetModuleHandleW.KERNEL32(kernel32.dll,00E74E6C,D49C76F0), ref: 00E9D6D5
                                                                                                                                                                                                              • Part of subcall function 00E9D6D0: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00E9D6E5
                                                                                                                                                                                                            • CoInitializeEx.COMBASE(00000000,00000000,D49C76F0), ref: 00E74F3E
                                                                                                                                                                                                            • CommandLineToArgvW.SHELL32(?,?), ref: 00E75226
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001), ref: 00E75276
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00E752A8
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001), ref: 00E752F3
                                                                                                                                                                                                            • GetLongPathNameW.KERNEL32(?,?,00000104), ref: 00E7535F
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000002), ref: 00E753AE
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,00000001), ref: 00E758E9
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                              • Part of subcall function 00E7136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E713A5
                                                                                                                                                                                                            • CoUninitialize.OLE32(?,00000001), ref: 00E758D4
                                                                                                                                                                                                              • Part of subcall function 00E86BD0: __Mtx_init_in_situ.LIBCPMT ref: 00E86CC0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$HandleInitInitializeIos_base_dtorModuleNameOncestd::ios_base::_$AddressArgvBeginCloseCommandCompleteFileLineLongMtx_init_in_situPathProcUninitialize
                                                                                                                                                                                                            • String ID: /no_self_update$/store_xml_on_disk$/xml$BSI installation success. Exit code: $BootStrapInstaller$CommandLineToArgvW failed: $Ended$FALSE$Failed$Failed to allocate memory for event sender service$Failed to create xml updater logger$Failed to create xml updater signature verifier$GetLongPathName failed ($GetModuleFileName failed: $InitSecureDllLoading failed.$Install$InvalidArguments$MAIN_XML$Process$SA/WA installation failed with exit code: $SELF_UPDATE_ALLOWED$STORE_XML_ON_DISK$SaBsi.cpp$Some command line BSI variables are invalid.$Started$TRUE$WaitForOtherBSIToExit failed$failed to initialize updater
                                                                                                                                                                                                            • API String ID: 126520999-360321973
                                                                                                                                                                                                            • Opcode ID: 4f8f4524e2b20ae958f6b05b6ec4400d6f681dd615efb7224591fc3e78ff9368
                                                                                                                                                                                                            • Instruction ID: d5e8e304d62f12ba7d51b6045b51cefb0dcc313b291f651b1dd46a2a67fe983d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f8f4524e2b20ae958f6b05b6ec4400d6f681dd615efb7224591fc3e78ff9368
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E625C70900249DFEF14EFA4D895AED7BB4AF54344F509099F80DB7282EB709E48DBA1

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00EAF13D
                                                                                                                                                                                                              • Part of subcall function 00EA8650: std::locale::_Init.LIBCPMT ref: 00EA882F
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,00000006,00000000,?,?,?,00000000,?,?,?,00000000,00000000), ref: 00EAFAC8
                                                                                                                                                                                                              • Part of subcall function 00EEE960: _free.LIBCMT ref: 00EEE973
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseErrorHandleInitLast_freestd::locale::_
                                                                                                                                                                                                            • String ID: <$Cache-Control: no-cache$CreateFile failed (%d)$File already exists: %s$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, ignore proxy flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk::<lambda_2af623cb1b195cc2505e5df23daadde2>::operator ()$Unable to allocate %d bytes$Unable to extract the filename from url (%s)$Unable to open HTTP transaction$Unable to rename the old file (%d): %s$WinHttpCrackUrl failed (%d), url: %s$WriteFile failed (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$empty filename$false$true
                                                                                                                                                                                                            • API String ID: 2292809486-983596374
                                                                                                                                                                                                            • Opcode ID: e54c2e5270148759c3ec7e6574e8e73d2ae0107a90840285ec81c6f0efd8c0f2
                                                                                                                                                                                                            • Instruction ID: 77f10ec7414aa40c7c5bbd8fd065bf6ab6f3b1d4efefd0bc3b332f3c992503bf
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e54c2e5270148759c3ec7e6574e8e73d2ae0107a90840285ec81c6f0efd8c0f2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0362A0B0A40619ABDB24DB60CC45FA9B7B4BF49704F0051E9F6187B2D2DB70AE84CF95

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetEnvironmentVariableW.KERNEL32(ProgramW6432,?,00000104), ref: 00EB683B
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00EB686E
                                                                                                                                                                                                            • SHGetKnownFolderPath.SHELL32(?,00000000,00000000,?,?,?,?), ref: 00EB6A15
                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000000,?,?,?,?), ref: 00EB6A6B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: EnvironmentErrorFolderFreeKnownLastPathTaskVariable
                                                                                                                                                                                                            • String ID: CSIDL_COMMON_APPDATA$CSIDL_COMMON_DOCUMENTS$CSIDL_COMMON_STARTUP$CSIDL_PROGRAM_FILES$CSIDL_PROGRAM_FILESX64$CSIDL_PROGRAM_FILESX86$CSIDL_PROGRAM_FILES_COMMON$CSIDL_SYSTEM$CSIDL_SYSTEMX86$CSIDL_WINDOWS$Error retrieving directory %s$GetEnvironmentVariable failed (%d)$NWebAdvisor::NXmlUpdater::CDirSubstitution::Substitute$ProgramFiles$ProgramW6432$Unable to get the platform$Unknown folder identifier: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DirSubstitution.cpp
                                                                                                                                                                                                            • API String ID: 3946049928-1874136459
                                                                                                                                                                                                            • Opcode ID: 430c4d357f8793e18fec64516b0588d10ebe73c60d59b6ec944cf807067b94cc
                                                                                                                                                                                                            • Instruction ID: 7c3ba8cdc5f8b05b7b9b8f7304d1b63c35f148eb8c15f95bfdd7f0be777b2bc6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 430c4d357f8793e18fec64516b0588d10ebe73c60d59b6ec944cf807067b94cc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B902F070A00358DBDB24EF24CC4ABDEB7B0EF54708F105199E40977281EBB9AA88DF55

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(D49C76F0), ref: 00EAEBF9
                                                                                                                                                                                                            • GetLastError.KERNEL32(D49C76F0,?,00000000,?), ref: 00EAEC70
                                                                                                                                                                                                            • GetLastError.KERNEL32(D49C76F0,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 00EAECD8
                                                                                                                                                                                                              • Part of subcall function 00EA8650: std::locale::_Init.LIBCPMT ref: 00EA882F
                                                                                                                                                                                                            • GetLastError.KERNEL32(D49C76F0,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 00EAED2E
                                                                                                                                                                                                            • GetLastError.KERNEL32(D49C76F0,true,00000000,00000000,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 00EAED75
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Initstd::locale::_
                                                                                                                                                                                                            • String ID: @]$Cache-Control: no-cache$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, proxy ignore flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::From::<lambda_1effc98e56da47b46c9f3c737083b6c0>::operator ()$Not enough space in buffer: bufferLength(%d) Read(%d)$Unable to allocate %d bytes$WinHttpCrackUrl failed (%d), url: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$false$true

Control-flow Graph

APIs
• PathFindExtensionW.SHLWAPI(00000000,?,?,?,?,00F4BFD0,00000000,D49C76F0), ref: 00EABD7A
• DeleteFileW.KERNEL32(00000000), ref: 00EABE57
Strings
Similarity
• API ID: DeleteExtensionFileFindPath
• String ID: .cab$.exe$DestDir$DestFile$Location$MD5$NWebAdvisor::NXmlUpdater::CDownloadCommand::DownloadCommand$NWebAdvisor::NXmlUpdater::CDownloadCommand::Execute$Unable to create desusertion directory (%d)$Unable to download %s$Unable to get substitute download variables$Unable to read Location and/or DestDir attribute of DOWNLOAD command$Unable to verify MD5, deleting file: %s$Unable to verify signature, deleting file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DownloadCommand.cpp$extra$invalid substitutor

Control-flow Graph

APIs
• ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 00E80903
• LocalFree.KERNEL32(?,?), ref: 00E80A26
• LocalFree.KERNEL32(?,?), ref: 00E80A43
  • Part of subcall function 00E72510: __EH_prolog3_catch.LIBCMT ref: 00E72517
• std::_Lockit::_Lockit.LIBCPMT ref: 00E80B08
• std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00E80B50
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 00E80B86
• std::locale::_Init.LIBCPMT ref: 00E80B97
• std::_Lockit::_Lockit.LIBCPMT ref: 00E80BC0
• std::_Lockit::~_Lockit.LIBCPMT ref: 00E80BE1
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00E80BF2
• std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E81017
• __Mtx_unlock.LIBCPMT ref: 00E81020
Strings
Similarity
• API ID: std::_$Lockit$DescriptorFreeLocalLockit::_Securitystd::locale::_$AddfacConvertH_prolog3_catchInitIos_base_dtorLocimp::_Locimp_LocinfoLocinfo::_Locinfo::~_Locinfo_ctorLockit::~_Mtx_unlockStringstd::ios_base::_
• String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set

Control-flow Graph

APIs
• GetModuleHandleW.KERNEL32(kernel32,D49C76F0,?), ref: 00EA947B
• GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00EA948B
• GetCurrentProcess.KERNEL32(?), ref: 00EA94A8
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,00F4A52C,00F4A52A), ref: 00EA97C1
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00F4A52C,00F4A52A), ref: 00EA97CB
                                                                                                                                                                                                            • GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 00EA987C
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00EA989A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • kernel32, xrefs: 00EA9472
                                                                                                                                                                                                            • NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetExtractDir, xrefs: 00EA97DC, 00EA98AC
                                                                                                                                                                                                            • IsWow64Process, xrefs: 00EA9485
                                                                                                                                                                                                            • 1.1, xrefs: 00EA9BCB
                                                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp, xrefs: 00EA97E1, 00EA98B1
                                                                                                                                                                                                            • GetModuleFileName failed (%d), xrefs: 00EA97D2
                                                                                                                                                                                                            • GetLongPathName failed (%d) for %s, xrefs: 00EA98A2
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastModuleName$AddressCurrentFileHandleLongPathProcProcess
                                                                                                                                                                                                            • String ID: 1.1$GetLongPathName failed (%d) for %s$GetModuleFileName failed (%d)$IsWow64Process$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetExtractDir$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32
                                                                                                                                                                                                            • API String ID: 891933594-2307011595
                                                                                                                                                                                                            • Opcode ID: eb6d70a3d01450b329a24c147af85832770ec69a01933b9d9a0b3b9e0557a705
                                                                                                                                                                                                            • Instruction ID: 92453391fb0dd4e2ac62f408dd1296a595d8eb28642067f23f7c132f1b9187cd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb6d70a3d01450b329a24c147af85832770ec69a01933b9d9a0b3b9e0557a705
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9372B0B0A012189FDB28DF64CC85B9DB7B5AF49314F1041DCE209BB292DB75AE84CF65

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E96067
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E96085
                                                                                                                                                                                                            • SysFreeString.OLEAUT32 ref: 00E9610F
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E9615A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_taskFreeString
                                                                                                                                                                                                            • String ID: )$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm
                                                                                                                                                                                                            • API String ID: 3597043392-3766208032
                                                                                                                                                                                                            • Opcode ID: 252bbb6d1137b3253e5c6bc1170eff62876eb0af665f085e9da209331fa44faa
                                                                                                                                                                                                            • Instruction ID: e41200f5073ba9521ac5143422bfd9ac6c3752dd840c2620ff2e66f11e1a00c4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 252bbb6d1137b3253e5c6bc1170eff62876eb0af665f085e9da209331fa44faa
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49E10071A003489BEF28DFB4C98879EBBB1AF41314F24521DE449BB3D2DB759A84CB51

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00EA6590
                                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 00EA65A1
                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00EA65B2
                                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 00EA65E1
                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000000,?), ref: 00EA660D
                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00EA6636
                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000000,?), ref: 00EA666A
                                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 00EA6696
                                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 00EA66A7
                                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 00EA66B9
                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00EA677C
                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00EA678D
                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00EA67BD
                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00EA67CE
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Global$Free$Alloc
                                                                                                                                                                                                            • String ID: Temp
                                                                                                                                                                                                            • API String ID: 1780285237-2875271924
                                                                                                                                                                                                            • Opcode ID: 87a29ded92f1892a09a480304b64276f3b3f428efbf7dc604f18bc770fb104f2
                                                                                                                                                                                                            • Instruction ID: 6a878929eb334bf429523d7b40d6eb53e82e0319594938ba8c6ca5724fb7ac31
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 87a29ded92f1892a09a480304b64276f3b3f428efbf7dc604f18bc770fb104f2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D715EB0E002199BDF10DFA5CC84BAEB7B8AF4A708F199559EC01FB241D7B5E945CE60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000400,00000000,?,D49C76F0,?,?), ref: 00E84257
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001,?,?), ref: 00E842BC
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E842F2
                                                                                                                                                                                                            • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,00000000,?,00000104,00000000,?,?), ref: 00E84367
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 00E84375
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8440A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?), ref: 00E8455B
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Filename for process with id , xrefs: 00E844B0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$ErrorInitLastOnceProcess$BeginCloseCompleteFullHandleImageInitializeNameOpenQuery
                                                                                                                                                                                                            • String ID: Filename for process with id
                                                                                                                                                                                                            • API String ID: 563014942-4200337779
                                                                                                                                                                                                            • Opcode ID: d1f45f879f64a1f5e4ac7c8a3d766ac58f7326d63a68746cd529e87ef279bd9a
                                                                                                                                                                                                            • Instruction ID: d200666293d8e4b88491aeb6f5bb4090ed06fd2f7872c0cc0b9105c422b01658
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1f45f879f64a1f5e4ac7c8a3d766ac58f7326d63a68746cd529e87ef279bd9a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6DD19AB0C1025ADBDB20EFA4D845BEEB7B4FF44304F105669E81DB7281EB746A49CB91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00F0FE25: CreateFileW.KERNEL32(00000000,00000000,?,00F10187,?,?,00000000,?,00F10187,00000000,0000000C), ref: 00F0FE42
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00F101F2
                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00F101F9
                                                                                                                                                                                                            • GetFileType.KERNEL32(00000000), ref: 00F10205
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00F1020F
                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00F10218
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00F10238
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00F10385
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00F103B7
                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00F103BE
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                            • String ID: H
                                                                                                                                                                                                            • API String ID: 4237864984-2852464175
                                                                                                                                                                                                            • Opcode ID: 534135d4deee72bb0c68975986f7410594006fc49e051efe13d2054bbbe3b6c9
                                                                                                                                                                                                            • Instruction ID: 9b684835e4d69463e088ce0176bbe5213611d1de798e0d485bd46714da5c3794
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 534135d4deee72bb0c68975986f7410594006fc49e051efe13d2054bbbe3b6c9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49A12732A042889FDF19EF68DC55BEE3BE1AB06324F140159F811EB3D1CB758892EB51
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8E4A1
                                                                                                                                                                                                              • Part of subcall function 00E8DE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8DF0C
                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E8E3DE
                                                                                                                                                                                                              • Part of subcall function 00E8E0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8E161
                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E8E4FB
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8E665
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8E6F8
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitMtx_unlockOnce$BeginCompleteInitialize
                                                                                                                                                                                                            • String ID: AdhocTelemetryAzure$Event string is empty$Querying AdhocTelemetryAzure value failed: $SOFTWARE\McAfee\WebAdvisor$]
                                                                                                                                                                                                            • API String ID: 1670716954-2879113573
                                                                                                                                                                                                            • Opcode ID: 7b390a3a255d4d000146719557138a102ad92348f50e5ae7e334eb97d29cefa6
                                                                                                                                                                                                            • Instruction ID: ee938dd2b7ac919f6e432257ad92fce298ea6b8bf74b21a43837ff8d343c75d9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b390a3a255d4d000146719557138a102ad92348f50e5ae7e334eb97d29cefa6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FD91D3719002189BDB14EF64DD41BEEB7F8EF55314F0051AAE90DB7381EB705A49CBA2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E96085
                                                                                                                                                                                                            • SysFreeString.OLEAUT32 ref: 00E9610F
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00E9615A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeString$Concurrency::cancel_current_task
                                                                                                                                                                                                            • String ID: )$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm
                                                                                                                                                                                                            • API String ID: 2663709405-3766208032
                                                                                                                                                                                                            • Opcode ID: 3488dcbbc7919a7ea886ff411112aea3c4fbfb5991c6e3ad5c3bde5f51c696aa
                                                                                                                                                                                                            • Instruction ID: 77e30479ebdf684776a0e1ea4cf95dada39fd7c6607f10b0d119744947d40995
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3488dcbbc7919a7ea886ff411112aea3c4fbfb5991c6e3ad5c3bde5f51c696aa
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9EB1F171A003489BEF25DFA4C94879DBBB2EF55304F24524DE408BB3D2DBB59A84CB51
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __Mtx_init_in_situ.LIBCPMT ref: 00E8D1E6
                                                                                                                                                                                                              • Part of subcall function 00E7BBB0: std::locale::_Init.LIBCPMT ref: 00E7BBFC
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8D6C4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • .servicebus.windows.net/, xrefs: 00E8D348
                                                                                                                                                                                                            • /messages?timeout=60&api-version=2014-01, xrefs: 00E8D368
                                                                                                                                                                                                            • Content-Type: application/atom+xml;type=entry;charset=utf-8, xrefs: 00E8CF5D
                                                                                                                                                                                                            • u, xrefs: 00E8D666
                                                                                                                                                                                                            • AWS m_url_aws = , xrefs: 00E8D675
                                                                                                                                                                                                            • https://, xrefs: 00E8D334
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InitIos_base_dtorMtx_init_in_situstd::ios_base::_std::locale::_
                                                                                                                                                                                                            • String ID: .servicebus.windows.net/$/messages?timeout=60&api-version=2014-01$AWS m_url_aws = $Content-Type: application/atom+xml;type=entry;charset=utf-8$https://$u
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WTSGetActiveConsoleSessionId.KERNEL32(0000003C,?), ref: 00E83E00
                                                                                                                                                                                                            • OutputDebugStringW.KERNEL32(WTSQuerySessionInformation failed to retrieve current user name for the log name.), ref: 00E83F9C
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E83FCA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • UNKNOWN, xrefs: 00E83DD2
                                                                                                                                                                                                            • WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name., xrefs: 00E83F81
                                                                                                                                                                                                            • Error retrieving session id for generating log name., xrefs: 00E83E0B
                                                                                                                                                                                                            • WTSQuerySessionInformation failed to retrieve current user name for the log name., xrefs: 00E83F97
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ActiveConcurrency::cancel_current_taskConsoleDebugOutputSessionString
                                                                                                                                                                                                            • String ID: Error retrieving session id for generating log name.$UNKNOWN$WTSQuerySessionInformation failed to retrieve current user name for the log name.$WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name.
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00E94AA5,00E94AA7,00000000,00000000,D49C76F0,?,00000000,?,00EEBE00,00F5BF08,000000FE,?,00E94AA5,?), ref: 00EE9989
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00E94AA5,?,00000000,00000000,?,00EEBE00,00F5BF08,000000FE,?,00E94AA5), ref: 00EE9A04
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00EE9A0F
                                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00EE9A38
                                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00EE9A42
                                                                                                                                                                                                            • GetLastError.KERNEL32(80070057,D49C76F0,?,00000000,?,00EEBE00,00F5BF08,000000FE,?,00E94AA5,?), ref: 00EE9A47
                                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00EE9A5A
                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000000,?,00EEBE00,00F5BF08,000000FE,?,00E94AA5,?), ref: 00EE9A70
                                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00EE9A83
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E7E310: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 00E7E36C
                                                                                                                                                                                                            • __Mtx_init_in_situ.LIBCPMT ref: 00E79DD4
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E7A06D
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DescriptorSecurity$Concurrency::cancel_current_taskConvertMtx_init_in_situString
                                                                                                                                                                                                            • String ID: LogLevel$LogRotationCount$LogRotationFileSize$SOFTWARE\McAfee\WebAdvisor$log
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __Mtx_init_in_situ.LIBCPMT ref: 00E86D7B
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E86F75
                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E86F88
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorMtx_init_in_situMtx_unlockstd::ios_base::_
                                                                                                                                                                                                            • String ID: event sender$=$Failed to initialize $async
                                                                                                                                                                                                            • API String ID: 3676452600-816272291
                                                                                                                                                                                                            • Opcode ID: 3bf5b00ba45966ce24ba5c62790b1c19f4991968dfe213289d0a119417b72ff1
                                                                                                                                                                                                            • Instruction ID: 969d993e342d2d688a5a9da5b0d6d2a43ace307f8ef215c7094989a22332907c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3bf5b00ba45966ce24ba5c62790b1c19f4991968dfe213289d0a119417b72ff1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D61B170A01305DFDB44EF64C855BAEBBF5AF54304F5060A9D80DBB382EB719A48DBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E88FB0: CoCreateGuid.OLE32(?), ref: 00E88FC8
                                                                                                                                                                                                              • Part of subcall function 00E88FB0: StringFromCLSID.OLE32(?,?), ref: 00E88FE0
                                                                                                                                                                                                              • Part of subcall function 00E88FB0: CoTaskMemFree.OLE32(?), ref: 00E89138
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E893D1
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteCreateFreeFromGuidInitializeStringTask
                                                                                                                                                                                                            • String ID: Could not set registry value $Could not set registry value InstallerFlags$Failed to create new UUID$InstallerFlags$UUID$]
                                                                                                                                                                                                            • API String ID: 598746661-2174109026
                                                                                                                                                                                                            • Opcode ID: 1244b6845f5ffd74573ef38249d0b54c05f4fd10678244f25a7d42148fa55a0d
                                                                                                                                                                                                            • Instruction ID: 610cd74940c0267d845eb293bf53d4a7216c66b72150809259715c7fc85d028d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1244b6845f5ffd74573ef38249d0b54c05f4fd10678244f25a7d42148fa55a0d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F516D30A00259DEDF14EF60D892BED77B4EF51304F54A059ED0D77282EB74AA48CBA2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,NotComDllGetInterface), ref: 00E85808
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 00E85828
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E85830
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 00E85839
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeLibrary$AddressErrorLastProc
                                                                                                                                                                                                            • String ID: NotComDllGetInterface$mfeaaca.dll
                                                                                                                                                                                                            • API String ID: 1092183831-2777911605
                                                                                                                                                                                                            • Opcode ID: 4aba945fc238ecb362bc968856f531074960b738ee337936b99fe46f83e71e07
                                                                                                                                                                                                            • Instruction ID: ca92b22e22cd4a293a1ac4c05f9eedbf139298b7b839610edd00acd4e763d341
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4aba945fc238ecb362bc968856f531074960b738ee337936b99fe46f83e71e07
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7421CF33E016198BDB25ABA8D84866EBBB8FF55354F14517AEC09F7300EB718D019BD1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E74C8E: GetCurrentProcessId.KERNEL32 ref: 00E74CA6
                                                                                                                                                                                                              • Part of subcall function 00E74C8E: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00E74CB8
                                                                                                                                                                                                              • Part of subcall function 00E74C8E: Process32FirstW.KERNEL32(00000000,?), ref: 00E74CD3
                                                                                                                                                                                                              • Part of subcall function 00E74C8E: Process32NextW.KERNEL32(00000000,0000022C), ref: 00E74CE9
                                                                                                                                                                                                              • Part of subcall function 00E74C8E: CloseHandle.KERNEL32(00000000), ref: 00E74CFA
                                                                                                                                                                                                            • CreateMutexW.KERNEL32(00000000,00000000,Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}), ref: 00E74D88
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00E74DD0
                                                                                                                                                                                                              • Part of subcall function 00E7136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E713A5
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 00E74DFC
                                                                                                                                                                                                            • CloseHandle.KERNEL32 ref: 00E74E0D
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}, xrefs: 00E74D7F
                                                                                                                                                                                                            • CreateMutex failed: , xrefs: 00E74DC2
                                                                                                                                                                                                            • SaBsi.cpp, xrefs: 00E74DA9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCreateHandleInitIos_base_dtorOnceProcess32std::ios_base::_$BeginCompleteCurrentErrorFirstInitializeLastMutexNextObjectProcessSingleSnapshotToolhelp32Wait
                                                                                                                                                                                                            • String ID: CreateMutex failed: $Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}$SaBsi.cpp
                                                                                                                                                                                                            • API String ID: 2598072538-1117126455
                                                                                                                                                                                                            • Opcode ID: c25ed44a62c7ed253ebcfa810e8e0f4dc93448c0e1a4aa86ab949079d72464fe
                                                                                                                                                                                                            • Instruction ID: 5cb027553b52e462fa4eea28fe48603473d7dbc407a29cce0d62bbe85916217f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c25ed44a62c7ed253ebcfa810e8e0f4dc93448c0e1a4aa86ab949079d72464fe
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A11C171254302ABE720EF20D805BAA7BE4BF40314F109C2CB899671D2EB709448DA63
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E8CCB0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8CDBB
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E8F0FC
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8F268
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8F307
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Querying AdhocTelemetryAWS value failed: , xrefs: 00E8F217
                                                                                                                                                                                                            • AdhocTelemetryAWS, xrefs: 00E8F1B6
                                                                                                                                                                                                            • SOFTWARE\McAfee\WebAdvisor, xrefs: 00E8F181
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$Concurrency::cancel_current_task
                                                                                                                                                                                                            • String ID: AdhocTelemetryAWS$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor
                                                                                                                                                                                                            • API String ID: 1722207485-3297656441
                                                                                                                                                                                                            • Opcode ID: a53c7f54a7e2888dd1496d071528339cce0b2ed67d35450324638442050f354a
                                                                                                                                                                                                            • Instruction ID: 5b69c61876c83fbd3a8e07bea29486492b1d4b9763041098c96a1942a541595c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a53c7f54a7e2888dd1496d071528339cce0b2ed67d35450324638442050f354a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76C19F70D042589FDB14EFA4CC45BEEB7B4EF44314F1052A9E81DB7282EB749A85CB92
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8E161
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001), ref: 00E8E278
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8E351
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • WinHttpCrackUrl failed for AWS: , xrefs: 00E8E268
                                                                                                                                                                                                            • Unable to open HTTP session for AWS, xrefs: 00E8E327
                                                                                                                                                                                                            • Event Sender already initialized for AWS, xrefs: 00E8E137
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
                                                                                                                                                                                                            • String ID: Event Sender already initialized for AWS$Unable to open HTTP session for AWS$WinHttpCrackUrl failed for AWS:
                                                                                                                                                                                                            • API String ID: 2211357200-794796586
                                                                                                                                                                                                            • Opcode ID: 84ba88aa68bb671fec8f5661b75b2b74d38c72f2ede6ed08a7165a0aaf03fc4b
                                                                                                                                                                                                            • Instruction ID: 8e1a31386d65436245eff821fa38121c6ad493c4f3c175a7214c9fd6b5528579
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84ba88aa68bb671fec8f5661b75b2b74d38c72f2ede6ed08a7165a0aaf03fc4b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BA6189709007099ADB24EFA0DC45BEAB7F9FB44305F0055A9E91DA7391EBB06A48CF91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8DF0C
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001), ref: 00E8DFD7
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8E0A2
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • WinHttpCrackUrl failed for Azure: , xrefs: 00E8DFC7
                                                                                                                                                                                                            • Event Sender already initialized for Azure, xrefs: 00E8DEE2
                                                                                                                                                                                                            • Unable to open HTTP session for Azure, xrefs: 00E8E078
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
                                                                                                                                                                                                            • String ID: Event Sender already initialized for Azure$Unable to open HTTP session for Azure$WinHttpCrackUrl failed for Azure:
                                                                                                                                                                                                            • API String ID: 2211357200-3864554942
                                                                                                                                                                                                            • Opcode ID: f9d1637c6b4a4b9a469ccaeb1a23dd596835a2aedeeea49bb635f80bdfc3fbec
                                                                                                                                                                                                            • Instruction ID: c85aee16bd2eec2724ebb8bc519af901e15bd617ca43001f1c41521713709f9f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f9d1637c6b4a4b9a469ccaeb1a23dd596835a2aedeeea49bb635f80bdfc3fbec
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C9515B709043589FDB24EF60C845BDEB7F8FB14314F00459DE84AA7391EBB4AA48CB96
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Unable to convert XML buffer into wide characters, xrefs: 00EAE6BC
                                                                                                                                                                                                            • NWebAdvisor::XMLParser::ParseBuffer, xrefs: 00EAE5AA, 00EAE6C3
                                                                                                                                                                                                            • a, xrefs: 00EAE6A0
                                                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp, xrefs: 00EAE5AF, 00EAE6C8
                                                                                                                                                                                                            • invalid input, xrefs: 00EAE5A3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: __cftoe
                                                                                                                                                                                                            • String ID: NWebAdvisor::XMLParser::ParseBuffer$Unable to convert XML buffer into wide characters$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp$invalid input$a
                                                                                                                                                                                                            • API String ID: 4189289331-2339297409
                                                                                                                                                                                                            • Opcode ID: ece5d8c2eaec5c4beb86aa2e547a82e621c108bfbd0c72e4a2d6c3648457dad9
                                                                                                                                                                                                            • Instruction ID: f8aacf936132fcc78df7bb96eb7cc64e444a1221592e0e7fc5d621c2aae849c1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ece5d8c2eaec5c4beb86aa2e547a82e621c108bfbd0c72e4a2d6c3648457dad9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D341E3B1A00304ABC724DF64E942BAFF7E4BF19710F41152DE80AAB381DBB0F9049791
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00E75A59
                                                                                                                                                                                                              • Part of subcall function 00E75C1E: CoCreateInstance.OLE32(00F3D808,00000000,00000017,00F4B024,00000000,D49C76F0,?,?,?,00000000,00000000,00000000,00F18687,000000FF), ref: 00E75C7A
                                                                                                                                                                                                              • Part of subcall function 00E75C1E: OleRun.OLE32(00000000), ref: 00E75C89
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00E75B97
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to set new option. Error , xrefs: 00E75B26
                                                                                                                                                                                                            • Activation option is set successfuly, xrefs: 00E75B69
                                                                                                                                                                                                            • i, xrefs: 00E75B5D
                                                                                                                                                                                                            • Failed to create Global Options object. Error , xrefs: 00E75AA9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InitOnce$BeginCompleteCreateH_prolog3_InitializeInstanceIos_base_dtor_com_issue_errorstd::ios_base::_
                                                                                                                                                                                                            • String ID: Activation option is set successfuly$Failed to create Global Options object. Error $Failed to set new option. Error $i
                                                                                                                                                                                                            • API String ID: 1362393928-3233122435
                                                                                                                                                                                                            • Opcode ID: a9b70ba528d216cd0fc9381823e66b8a4126fe5da2041b6e3239089db4c7a3f5
                                                                                                                                                                                                            • Instruction ID: 0f255cbca96a6ffed1a85e5cc6ebfa175eaacc325b68e9c4c641a19eb298898e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a9b70ba528d216cd0fc9381823e66b8a4126fe5da2041b6e3239089db4c7a3f5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4312F70D11219CAEF04EBA4CC52FEDB7B4BF54304F409598E50977182EB745A46CFA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00EF2461
                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EF247D
                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00EF2494
                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EF24B2
                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00EF24C9
                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00EF24E7
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1992179935-0
                                                                                                                                                                                                            • Opcode ID: f87d5442f0ebf9ebcbd6879315b9098c2ef1ccdfcdcf202bff3e40a4258d3857
                                                                                                                                                                                                            • Instruction ID: 675adb267c1c06ddcdc3370515da1d686b0097011caa800feb6fc6044f70b68f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f87d5442f0ebf9ebcbd6879315b9098c2ef1ccdfcdcf202bff3e40a4258d3857
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A28128B1A0170A9BE7209F79CC82B7AB3E9AF40324F24912EF714EB2C1E774D9019751
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __Mtx_destroy_in_situ.LIBCPMT ref: 00E8085F
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 00E80903
                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?), ref: 00E80A26
                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E81020
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 00E808FE
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DescriptorSecurity$ConvertFreeLocalMtx_destroy_in_situMtx_unlockString
                                                                                                                                                                                                            • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                                            • API String ID: 4147401711-3078421892
                                                                                                                                                                                                            • Opcode ID: 1d2004242510ec816118f8171463093c7f0986c5a47ba103ddca25aefcc08521
                                                                                                                                                                                                            • Instruction ID: aaa6d2d1b50a7322c28b99649e334ddaf94f9025e89d3a3563a677ee43efeb6f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1d2004242510ec816118f8171463093c7f0986c5a47ba103ddca25aefcc08521
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1061D1719002988BDB18DF64CC85BDEB7F5EF44308F1041ADE44DA7791D774AA89CB91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __Xtime_get_ticks.LIBCPMT ref: 00E77FAA
                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E77FBC
                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E77FD0
                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E77FE2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$Xtime_get_ticks
                                                                                                                                                                                                            • String ID: [%Y%m%d %H:%M:%S.
                                                                                                                                                                                                            • API String ID: 3638035285-2843400524
                                                                                                                                                                                                            • Opcode ID: 83fcebfb524f106b2765976783a638937439a88f9cb39ea42ae26a681059c073
                                                                                                                                                                                                            • Instruction ID: cbe2cc6aafd332bb514e6dfe23d2803825cbc69a72c9d236a38d7e8c57133f56
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 83fcebfb524f106b2765976783a638937439a88f9cb39ea42ae26a681059c073
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49316071E40218AFDB11EBA8CD46FAEBBF8EB54710F104129F509BB281DB74A9058B95
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8CDBB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
                                                                                                                                                                                                            • String ID: 5$AdhocAWSQAMode$Querying AdhocAWSQAMode value failed: $SOFTWARE\McAfee\WebAdvisor
                                                                                                                                                                                                            • API String ID: 539357862-4010608570
                                                                                                                                                                                                            • Opcode ID: ea61dd2de0eb7edae80d99ca87a5d88c400777a47a9a33d68125c8f2867ea1f2
                                                                                                                                                                                                            • Instruction ID: b0771f33cc76e4423acc59f09be1e5f6523a8e9b783586d3996ae547636f5818
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea61dd2de0eb7edae80d99ca87a5d88c400777a47a9a33d68125c8f2867ea1f2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0319E7191421C8ADF14EFA0C952BEEB7F8FF58304F605569E90AB3281EB745A08CB61
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E95182
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E9521E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_taskIos_base_dtorstd::ios_base::_
                                                                                                                                                                                                            • String ID: Invalid arguements passed to AddDimension$N
                                                                                                                                                                                                            • API String ID: 4106036149-286115907
                                                                                                                                                                                                            • Opcode ID: 62e1a11c7b5894d18b6e405ec570799e3cf070bfab2abb8d69953cef4c3aead6
                                                                                                                                                                                                            • Instruction ID: ebe8a48980d0e339c34d3e46467cd0b3052c2cd0ccbf13582c64563735da4130
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 62e1a11c7b5894d18b6e405ec570799e3cf070bfab2abb8d69953cef4c3aead6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB32CBB1D002889FEF25CF64C844BAEBBF1FF45304F149299E459BB292D775A985CB80
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: %s%s$%s\%s$\\?\
                                                                                                                                                                                                            • API String ID: 0-2843747179
                                                                                                                                                                                                            • Opcode ID: 7c0375ac6d12c0e5d9f34d49cf466f79b8f96a8113a8b2a00d757b9ba8c44c4d
                                                                                                                                                                                                            • Instruction ID: 1a07e1f21f144afb7eb189355d0ed6edafcd8ecf386ae9ca36129d31b56960b6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7c0375ac6d12c0e5d9f34d49cf466f79b8f96a8113a8b2a00d757b9ba8c44c4d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 87D19E72D00218EBCF10DFE4C885ADEB7F8EF49310F544529E815B7291E734AA45DBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\WATesting,00000000,00000001,?,D49C76F0,00000000,00000001), ref: 00EB39FC
                                                                                                                                                                                                              • Part of subcall function 00EB2820: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,D49C76F0,00000000,00000001,?), ref: 00EB28AC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InfoOpenQuery
                                                                                                                                                                                                            • String ID: SOFTWARE\WATesting$path
                                                                                                                                                                                                            • API String ID: 165108877-1550987622
                                                                                                                                                                                                            • Opcode ID: 7ef29830f793cb1f51ef50251efdd562eccee7aa2a156558c5209c22d1890f9c
                                                                                                                                                                                                            • Instruction ID: 6be1c218ade843d6b92674a59b7445a15d6a92075fb7884f61f0cbb7733258ec
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7ef29830f793cb1f51ef50251efdd562eccee7aa2a156558c5209c22d1890f9c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 01518071D00258EBDB20DBA4DD45BDEBBF8AF08704F104199E509B7281DB74AB88CB61
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?,00F4BFD0,00000000,00F4BFD0,00000000,?,0000001C,00000001,00000000,0000001C,?,?,00000014,00F4BFD0,00000000,D49C76F0), ref: 00EAFC1D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp, xrefs: 00EAFC9E
                                                                                                                                                                                                            • Destination directory does not exist, xrefs: 00EAFC8F
                                                                                                                                                                                                            • NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk, xrefs: 00EAFC99
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                            • String ID: Desusertion directory does not exist$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp
                                                                                                                                                                                                            • API String ID: 3188754299-3555079292
                                                                                                                                                                                                            • Opcode ID: 130cdefdb8ed5532cd3b4ddb834ac4e0c6a611418f85d903505e5acaa6f2ff35
                                                                                                                                                                                                            • Instruction ID: 39add0ffe4ff1d01fbca7c2bd91ca754b0c8d0197a7b6c97d2696238bf6edbeb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 130cdefdb8ed5532cd3b4ddb834ac4e0c6a611418f85d903505e5acaa6f2ff35
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 31216F71E0020CABCF00DFA9D842ADEB7F4AB48724F014266FC09B7281E770AA45DB91
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 00E7E367
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                                            • API String ID: 0-3078421892
                                                                                                                                                                                                            • Opcode ID: 197e20323abc05adb77998e5e65c3c6c73f2a52ccdf0657f95dee35a69dcf561
                                                                                                                                                                                                            • Instruction ID: db3fed059c7bb247135560afb33850a1c7367c2dc40cfde50bed574eca6d4a4d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 197e20323abc05adb77998e5e65c3c6c73f2a52ccdf0657f95dee35a69dcf561
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A22F5719002489BCB24DF64DC89BEEB7B5FF88304F10969DE409B7391DB75AA84CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::locale::_Init.LIBCPMT ref: 00EA882F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to create log message string. Error 0x, xrefs: 00EA89CF
                                                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp, xrefs: 00EA8AF6
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Initstd::locale::_
                                                                                                                                                                                                            • String ID: Failed to create log message string. Error 0x$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 00E7E36C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 00E7E367
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DescriptorSecurity$ConvertString
                                                                                                                                                                                                            • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001), ref: 00E9CCBB
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E9CCEC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Unable to set proxy option, error: , xrefs: 00E9CCAB
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteErrorInitializeLast
                                                                                                                                                                                                            • String ID: Unable to set proxy option, error:
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00F0576D: GetConsoleCP.KERNEL32(?,00EA860A,00000000), ref: 00F057B5
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,00000000,00F5C218,D49C76F0,00000000,D49C76F0,00EA860A,00EA860A,00EA860A,D49C76F0,00000000,?,00EF591E,00000000,00F5C218,00000010), ref: 00F06129
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00EF591E,00000000,00F5C218,00000010,00EA860A), ref: 00F06133
                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00F06178
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ConsoleErrorFileLastWrite__dosmaperr
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(00000000,D49C76F0,0000005C,?,?,?,?,00000000,00F1952D,000000FF,?,00E7E09D), ref: 00E7E681
                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,?,00000000,00F1952D,000000FF,?,00E7E09D), ref: 00E7E738
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00000000,00F1952D,000000FF,?,00E7E09D), ref: 00E7E742
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AttributesCreateDirectoryErrorFileLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CertGetCertificateChain.CRYPT32(00000000,?,?,?), ref: 00ED206C
                                                                                                                                                                                                            • CertVerifyCertificateChainPolicy.CRYPT32(00000003,?,?,?), ref: 00ED20A4
                                                                                                                                                                                                            • CertFreeCertificateChain.CRYPT32(?), ref: 00ED20D0
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CertCertificateChain$FreePolicyVerify
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1741975133-0
                                                                                                                                                                                                            • Opcode ID: ee6fe690e3eab2b027f61dee7bebea52c73715cff98d28c5e922a4058adf1ad0
                                                                                                                                                                                                            • Instruction ID: 71479e0ce35e2f642182794a9319f25b82675784c2d56bd4f5e4e92e3c0a5713
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee6fe690e3eab2b027f61dee7bebea52c73715cff98d28c5e922a4058adf1ad0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE419F715083859BD720CF54C894B9BBBE8FF99708F04191EF688A7350E7B6E548CB62
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 00F0A699
                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00F0A707
                                                                                                                                                                                                              • Part of subcall function 00F098FF: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,00F07B21,?,00000000,00000000), ref: 00F099A1
                                                                                                                                                                                                              • Part of subcall function 00F02174: RtlAllocateHeap.NTDLL(00000000,?,?,?,00EE872D,?,?,00E7A1ED,0000002C,D49C76F0), ref: 00F021A6
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0A6F8
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2560199156-0
                                                                                                                                                                                                            • Opcode ID: edc1209ae5a76dc3de2a1fd1e8639923b6479aa1c7d8ef35283856bdfdc4ef2e
                                                                                                                                                                                                            • Instruction ID: d160fcbd837afa80d6c3faa4c19db38f3f0b309e963e11fe0ae39c277ae766a3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: edc1209ae5a76dc3de2a1fd1e8639923b6479aa1c7d8ef35283856bdfdc4ef2e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C01AC73A017557BA73115BA1CC9D7B797DDEC7BA03184128F901D62C1E9658D02B1B2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,00EA860A,?,00F06A9A,00EA860A,00F5C5B8,0000000C,00F06B4C,00F5C218), ref: 00F06BC2
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00F06A9A,00EA860A,00F5C5B8,0000000C,00F06B4C,00F5C218), ref: 00F06BCC
                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00F06BF7
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2583163307-0
                                                                                                                                                                                                            • Opcode ID: fa02bc6d051fe24274bcad2066ce450c86a8f2feb304fa5d6d438f3fa795caa6
                                                                                                                                                                                                            • Instruction ID: 88149582662888ca2a3dc69b48a873b2920fb739e5a622edd645458655cae693
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa02bc6d051fe24274bcad2066ce450c86a8f2feb304fa5d6d438f3fa795caa6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF0126B3E092641AEA246334AC45B7E77899FC2738F250259E919CB1C2DB748C91B191
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetFilePointerEx.KERNEL32(00000000,00000000,?,00000000,00F0F765,00000008,00000000,?,?,?,00F069A3,00000000,00000000,?,00F0F765), ref: 00F0692F
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00F069A3,00000000,00000000,?,00F0F765,?,00F0F765,?,00000000,00000000,00000001,?,00000008), ref: 00F06939
                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00F06940
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2336955059-0
                                                                                                                                                                                                            • Opcode ID: a4af090544654a178d315b158e26ea512c44d6022ffe5598d2824465a3882629
                                                                                                                                                                                                            • Instruction ID: 08009e2882de6b3e216fe09fd0f0d35a744c4d57ac6eaeb980b086522678d81c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a4af090544654a178d315b158e26ea512c44d6022ffe5598d2824465a3882629
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F01D833A14559ABCB159F69DC459AE3B6AEB853307340205F412DB1D0EA70DD21B750
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00F02174: RtlAllocateHeap.NTDLL(00000000,?,?,?,00EE872D,?,?,00E7A1ED,0000002C,D49C76F0), ref: 00F021A6
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F03E42
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F03E68
                                                                                                                                                                                                              • Part of subcall function 00F02098: RtlFreeHeap.NTDLL(00000000,00000000,?,00F0B729,?,00000000,?,?,?,00F0B9CC,?,00000007,?,?,00F0BDD6,?), ref: 00F020AE
                                                                                                                                                                                                              • Part of subcall function 00F02098: GetLastError.KERNEL32(?,?,00F0B729,?,00000000,?,?,?,00F0B9CC,?,00000007,?,?,00F0BDD6,?,?), ref: 00F020C0
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F03E98
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _free$Heap$AllocateErrorFreeLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4150789928-0
                                                                                                                                                                                                            • Opcode ID: e6cf5ad7ee28672ace70fb70d539d815d7db59d91254a1e098047906647d6ff3
                                                                                                                                                                                                            • Instruction ID: ac828343e8518984e7719d30c19cf131c1d45351361080370629bcc724470671
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e6cf5ad7ee28672ace70fb70d539d815d7db59d91254a1e098047906647d6ff3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EDF0D63790023956CF22A224EC05AEF736C8F42760F15439AE985721C1DE284E89B6A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00E94AD2
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(-00000001), ref: 00E94AFD
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeString_com_issue_error
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 709734423-0
                                                                                                                                                                                                            • Opcode ID: 5ca27f979b8045a41d7bb42a437bae51cf8c8e6449b8b2e96da66d9d6428326e
                                                                                                                                                                                                            • Instruction ID: 99c01bfcfc1e06c37f74003078239951176bf530bee5da115b13044bd0cf4c42
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ca27f979b8045a41d7bb42a437bae51cf8c8e6449b8b2e96da66d9d6428326e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C21B2B1901755ABD7209F55C805B5AFBE8EF40B20F20472EE865A76C0E7B5A841C790
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000,?,00EA860A,00000000,?,00F0610D,00EA860A,00EA860A,00000000,00F5C218,D49C76F0,00EA860A), ref: 00F05C8C
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00F0610D,00EA860A,00EA860A,00000000,00F5C218,D49C76F0,00EA860A,00EA860A,00EA860A,D49C76F0,00000000,?,00EF591E,00000000,00F5C218), ref: 00F05CB2
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 442123175-0
                                                                                                                                                                                                            • Opcode ID: 6721b41dcf4c14f92b2f126e90e4cf62b108bfd462512bc28218d6ba7d6c6fa6
                                                                                                                                                                                                            • Instruction ID: 785aa87167872ed55a2c25a58b183581a135a69e546721da8dd1c905ea3b3eae
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6721b41dcf4c14f92b2f126e90e4cf62b108bfd462512bc28218d6ba7d6c6fa6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54218231A002189BDF15CF29DC809DAB7F9EB48701F2480A9E946D7251D630DE42EF60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                            • InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 51270584-0
                                                                                                                                                                                                            • Opcode ID: 6f75620afcd3ec5148d97a951f23b806e0dd408c5089778082dc719c9f1faf09
                                                                                                                                                                                                            • Instruction ID: a3afa53a85010f7a72638d3cc73dca8ebebb99841066a2e704a9664ec8b66ad1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f75620afcd3ec5148d97a951f23b806e0dd408c5089778082dc719c9f1faf09
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A019270A40649AFEB20EF94DC06BAEB7F8FF04B04F104629BA16A72C1DB749509DA51
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00E94AA5,?,00000000,00000000,?,00EEBE00,00F5BF08,000000FE,?,00E94AA5), ref: 00EE9A04
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00EE9A0F
                                                                                                                                                                                                              • Part of subcall function 00EEE960: _free.LIBCMT ref: 00EEE973
                                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00EE9A38
                                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00EE9A42
                                                                                                                                                                                                            • GetLastError.KERNEL32(80070057,D49C76F0,?,00000000,?,00EEBE00,00F5BF08,000000FE,?,00E94AA5,?), ref: 00EE9A47
                                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00EE9A5A
                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000000,?,00EEBE00,00F5BF08,000000FE,?,00E94AA5,?), ref: 00EE9A70
                                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00EE9A83
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _com_issue_error$ErrorLast$AllocByteCharMultiStringWide_free
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 878839965-0
                                                                                                                                                                                                            • Opcode ID: 3e1ae36a5f20226aec67988b1c35034e5bba5f3c6d837582a3b6ba88326b7a8e
                                                                                                                                                                                                            • Instruction ID: e99a4ec74d9776b97aabb44017c84b5cfc7c5f0a38d0a736f6cd9ad28303579f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e1ae36a5f20226aec67988b1c35034e5bba5f3c6d837582a3b6ba88326b7a8e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 91014F71F0529C9BDB20DF959845BDEB7E4EF48B10F101129ED0677282DA315851C6A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                            • Opcode ID: b9aa81e8fe132d695ef236c3d67db028d05ec06ebf09f872f279290bb778f334
                                                                                                                                                                                                            • Instruction ID: 73194529bab21087783d334df275f2cb15fb97fb8e272ebe454137ef9ceb32fb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9aa81e8fe132d695ef236c3d67db028d05ec06ebf09f872f279290bb778f334
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EBE0AB22105B2C45E231373EBC0477A32858BC2338F114322F930A23F0DF791881B4A1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHDeleteKeyW.SHLWAPI(?,00F4BFD0,?,00E9DE7B), ref: 00E9DED6
                                                                                                                                                                                                            • RegCloseKey.KERNEL32(?,?,00E9DE7B), ref: 00E9DEE4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseDelete
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 453069226-0
                                                                                                                                                                                                            • Opcode ID: fbf07edb3cb0be6c2f1a60b9a16a976ad87fcafa9ad8e4c2147d39ef74f67fed
                                                                                                                                                                                                            • Instruction ID: baa194d2680514c202e034426899b649688bab76b8e252b11176c6e88d36a4f5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fbf07edb3cb0be6c2f1a60b9a16a976ad87fcafa9ad8e4c2147d39ef74f67fed
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4E0ED705087518AD7308B69E808B437BD89B04714F14C84DA49AD6A90C3B8E8459B54
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000023,00000001,D49C76F0,?,?), ref: 00E7DF08
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 00E7E36C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DescriptorSecurity$ConvertFolderPathSpecialString
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4077199523-0
                                                                                                                                                                                                            • Opcode ID: 35ec40a87f56f7530378ef1a0df6c39c2123a404dd004374bb6e863722196692
                                                                                                                                                                                                            • Instruction ID: bd9cce929374d632272202ca44d962fa5484957fca3281c1dbdb001892fa3b0b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35ec40a87f56f7530378ef1a0df6c39c2123a404dd004374bb6e863722196692
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8C1E031A002449BCB28DF68DD897ADB7B2FF89304F1086DDD44DA7791DB75AA84CB90
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 62668f462423e20687142d5df74f1a5c1a039bff5372e8fc79ae8dfb7597514e
                                                                                                                                                                                                            • Instruction ID: 13a71de09988444dc16df020305e797aab03bc8d53e3cdf98ec0bde86f04ebe9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 62668f462423e20687142d5df74f1a5c1a039bff5372e8fc79ae8dfb7597514e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E441A071A00248AFDB10DF58CC81AAE7BE2EB89364F298168F449DB391D7719D61F790
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: __wsopen_s
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3347428461-0
                                                                                                                                                                                                            • Opcode ID: 4addee177e80cd5f2fd75b1539e510bd55ab0c0de85b05d05af32c4af595100e
                                                                                                                                                                                                            • Instruction ID: 062b511f27d955b0128aea4d825330e676b88c60f6d5fd69306b5969f2eada45
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4addee177e80cd5f2fd75b1539e510bd55ab0c0de85b05d05af32c4af595100e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A114571A0420AAFCF05EF58E941A9A7BF4EF48304F0040A9F809EB251D670EA11EBA4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 738b2551a80a8a8d4bf8db57af4b31d13eda5225752eac16fda81814e4d2ac91
                                                                                                                                                                                                            • Instruction ID: ce4845ef053c3c4df46fc0122764ce383f6ac5f156a178c0c51962477ed9f593
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 738b2551a80a8a8d4bf8db57af4b31d13eda5225752eac16fda81814e4d2ac91
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 13F04433501A1C6ADA2536298C056AB3298CF623B5F106325FB21F60D2CB38D806A6A1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCreateKeyExW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?), ref: 00E9DF45
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Create
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2289755597-0
                                                                                                                                                                                                            • Opcode ID: 2c9874b247b7f81b2ca300ec54e4539bd774a2e92641bf8d0e96c7bf629b6969
                                                                                                                                                                                                            • Instruction ID: f619c0521ed2c391018b0023a8e9bd6078e06300d85deee494a94955afa724f5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c9874b247b7f81b2ca300ec54e4539bd774a2e92641bf8d0e96c7bf629b6969
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E015635600209ABCB21CF49CC04F9EBBB9FF98310F20809AF805A7250C770AA25DB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathFileExistsW.SHLWAPI(?), ref: 00EB6061
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExistsFilePath
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1174141254-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,00EE872D,?,?,00E7A1ED,0000002C,D49C76F0), ref: 00F021A6
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(?,?,00000000,?,?), ref: 00E9E51F
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Open
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 71445658-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E713A5
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 323602529-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(00000000,?,00F14E6A,00000000,00000000,-00000002,D49C76F0,00000028,00000000,?,00000000,extra,00000005,00000000,00000000,00F344E4), ref: 00F14D92
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegSetValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 00E9ED2F
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,00000000,?,00F10187,?,?,00000000,?,00F10187,00000000,0000000C), ref: 00F0FE42
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                            • Opcode ID: 43267848ce893c55a26f105b7f41dce39ee9584fabd9957c9358eae25009564b
                                                                                                                                                                                                            • Instruction ID: c388487592e77518d29c84a56a6d23b69b554963ce30835d908fa2386d2319a4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43267848ce893c55a26f105b7f41dce39ee9584fabd9957c9358eae25009564b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8DD06C3200010DBBDF128F84DD06EDA3BAAFB48714F114000BA1856060C772E922AB91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00ED2743: DloadGetSRWLockFunctionPointers.DELAYIMP ref: 00ED2743
                                                                                                                                                                                                              • Part of subcall function 00ED2743: AcquireSRWLockExclusive.KERNEL32(?,00ED28F1), ref: 00ED2760
                                                                                                                                                                                                            • DloadProtectSection.DELAYIMP ref: 00ED26C5
                                                                                                                                                                                                              • Part of subcall function 00ED286C: DloadObtainSection.DELAYIMP ref: 00ED287C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Dload$LockSection$AcquireExclusiveFunctionObtainPointersProtect
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1209458687-0
                                                                                                                                                                                                            • Opcode ID: 6258dce5d2968eeed2771f6b8fc85762c34ef0632a01dd123e1f13eae641eaf4
                                                                                                                                                                                                            • Instruction ID: a2b33d11ef559e6b28c9e14d217ac27bbf2201a8831e321689764729ac53f233
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6258dce5d2968eeed2771f6b8fc85762c34ef0632a01dd123e1f13eae641eaf4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6ED0C9349082544AC255BB25A8867543690E334305F50644BF725F52B5E7E28843BAA5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegQueryValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 00E9E8D4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3660427363-0
                                                                                                                                                                                                            • Opcode ID: 074a938c042a5ba43ca447384081c667dbc343ef4f1e898014d2aebee49b0d8e
                                                                                                                                                                                                            • Instruction ID: 1d291f94b5e93ce3e082de5c8a7bc9660b8d1f60bea1af08d96c9dcbc6999917
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 074a938c042a5ba43ca447384081c667dbc343ef4f1e898014d2aebee49b0d8e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7ED0CA3200020CBBCF028F80ED01E8A3F2AEB08320F148400FA080806183B39432BBA4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • _free.LIBCMT ref: 00EEE973
                                                                                                                                                                                                              • Part of subcall function 00F02098: RtlFreeHeap.NTDLL(00000000,00000000,?,00F0B729,?,00000000,?,?,?,00F0B9CC,?,00000007,?,?,00F0BDD6,?), ref: 00F020AE
                                                                                                                                                                                                              • Part of subcall function 00F02098: GetLastError.KERNEL32(?,?,00F0B729,?,00000000,?,?,?,00F0B9CC,?,00000007,?,?,00F0BDD6,?,?), ref: 00F020C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFreeHeapLast_free
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1353095263-0
                                                                                                                                                                                                            • Opcode ID: fab4fa4e78e3bb56b6f0db2a41ca46f282b47d196b259d4a4af83b9d8bde8242
                                                                                                                                                                                                            • Instruction ID: 845872c174cb48e08a97ec3a52a30fa1d6c1ba9efa6beff65d1d7167e8af38c0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fab4fa4e78e3bb56b6f0db2a41ca46f282b47d196b259d4a4af83b9d8bde8242
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7C08C3100030CBBCB009B41C80AA4E7BA8DB80364F204044F80117280CAB1EE04A690
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EC4C81
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: c1ec796dd9aefa52c342146e8c0879be4a9df3c08987b136425e33e858f513f7
                                                                                                                                                                                                            • Instruction ID: 2d635617b1b8e322afa70a3d5ca3696bf0abf19acb7f7950f930e4c9ff613379
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c1ec796dd9aefa52c342146e8c0879be4a9df3c08987b136425e33e858f513f7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BDB012D125E400BD320451185F12D37014CC2C1B11B30D01FF601D1291D4834D072033
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EC4C81
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: 390f8e0f531c02e7e74463a4595afa35e910b9d60a33f113183560f577bac1ff
                                                                                                                                                                                                            • Instruction ID: 0d5a07eb6634a915a47e2abe19ca420b65ff24e86ec9fdabed13d47e4de7773e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 390f8e0f531c02e7e74463a4595afa35e910b9d60a33f113183560f577bac1ff
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4B012D125E400BD310451185F12E37015CC2C1B11B30901FF501D0295D4824C076033
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EC4C81
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: 453c05b3260235746db5b13ad1965177a7ec0968ce86ecd90f92f3c404d66ccf
                                                                                                                                                                                                            • Instruction ID: 20352b2571b446b785c537b81283d056ffcedafa4f28ddda40f6e1e671b6dd4d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 453c05b3260235746db5b13ad1965177a7ec0968ce86ecd90f92f3c404d66ccf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18B012D125E400FD3504511C5E12D37014CC2C1B11B30D01FF901D0291D4C24C072033
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EC4C81
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: 411633fec8453a300f335a07317d5208a1c48fa28375869702af6bf9c3c0a0c8
                                                                                                                                                                                                            • Instruction ID: a672557091d00c3779f27b17dcc231cb219e241508f70a1224fb0e071eb963ba
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 411633fec8453a300f335a07317d5208a1c48fa28375869702af6bf9c3c0a0c8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8CB012D125E501BD320451185E12D77014CC2D1B11F30911FF901D02A1D4824C4B2033
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EC4C81
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: b45029a152a0ef27110c986f954d63b4f7f375463085c797cf2cf76e757a21ae
                                                                                                                                                                                                            • Instruction ID: b0796ace5a1b3806c1462f539ac97ff6e5588993d206141b30e2a2c0d2c63ec9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b45029a152a0ef27110c986f954d63b4f7f375463085c797cf2cf76e757a21ae
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6BB012D125E400BD320451185E12D37015CC6D0B11B30D01FF700D22D1D4924C072032
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EC4C81
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: 88828ba0d7cf16014248dcfa978c6d381cf544e3139b23f04d6a0f67aa48a4a1
                                                                                                                                                                                                            • Instruction ID: 1b328b09982b2b9d6db4dfe9b5c1ac2c41c369abf2e66e40f56f1c12eedaf595
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 88828ba0d7cf16014248dcfa978c6d381cf544e3139b23f04d6a0f67aa48a4a1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07B012D225E400BD350452185D12D37014CC6C0B11B30D01FF900D0292D4924C072032
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EC4C81
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: 6b1e96e400ecbae5ee9ad06d8371cd0f3d3f72395536520544d4427eea264b09
                                                                                                                                                                                                            • Instruction ID: c49007d0a7b311f102f6bdc80134d1521216d4fa2a8184ac5240af396a607101
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6b1e96e400ecbae5ee9ad06d8371cd0f3d3f72395536520544d4427eea264b09
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4DB012D125E401FD350451189D12D37015CC6C0B11B30D41FFA00D12D1D4914C072032
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EC4C81
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EC4C81
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EC4DAF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EC4D1C
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EC4DAF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EC4D1C
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EC4D1C
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 00EC4D1C
  • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
  • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
Memory Dump Source
• Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EC4D1C
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00ED14D8
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EE97C4
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EE9BE7
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EE9BE7
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EE9BE7
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: ddd14af7c97d5d66285ec7f06ffa184055b347fd2025e9bf99b25261ebd50337
                                                                                                                                                                                                            • Instruction ID: f829b9addf948a5b6fcbf2f4bffdbf74cf326272c399a8af68f038dfcd446ce9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ddd14af7c97d5d66285ec7f06ffa184055b347fd2025e9bf99b25261ebd50337
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 06B0129127D4017C32145159AD02D77118CC2C0B15330D51FF600D2252D4804C873032
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EE9BE7
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: 74246e9d7cedcf8f4f2e99a5d69ee6f2c9f13480eab112e2cf796180dc4d615f
                                                                                                                                                                                                            • Instruction ID: de76aa16442c7a050ee681b96fa41b0acd515526a74739f0f5ccdf37525154de
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 74246e9d7cedcf8f4f2e99a5d69ee6f2c9f13480eab112e2cf796180dc4d615f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56B0129127D5017C321451596C02DB7018CC2C0B11330961FF900D1242D4804CCA3072
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EE9BE7
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: 50242e7232f516455698a13ba430431566e9d3d198c1b315361106e65a4ed3bc
                                                                                                                                                                                                            • Instruction ID: a2611fe1e6fc5f9d8bad94127b69ce30c6208febab0f4dfdfef8c4b0e783444a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 50242e7232f516455698a13ba430431566e9d3d198c1b315361106e65a4ed3bc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 06B0129127D4017C311451596C02E77019CC2C0B11330991FF500D1282D4804C867032
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EE9BE7
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: 9ef9e33c987564f62fa0b8327d61421c0864c78bf7ef1ed813fc478b632a5f5d
                                                                                                                                                                                                            • Instruction ID: 09ebfe90f357dfe5879639375cee0624d05156ab0a1923b9384e6af1f64b3340
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ef9e33c987564f62fa0b8327d61421c0864c78bf7ef1ed813fc478b632a5f5d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3B012A227D5057C310451196D12D7701DCC2C0B11330951FF500D1242D4804C867032
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EE9BE7
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: 08d8d3eb9c6079101a9569de1667abbd99172c0bdd9e3c89a3ead78fbc37eb99
                                                                                                                                                                                                            • Instruction ID: bb6d3be8a9a49ecb7bfbc5333250a9d70afa4a0a7003de2ca766607aa747efb3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 08d8d3eb9c6079101a9569de1667abbd99172c0bdd9e3c89a3ead78fbc37eb99
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68B012B127D4017C320451196E02C7711CCC2C0B11730D51FF600D2242D4804C873032
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EE9BE7
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: 1ef8a9de1536f02e95633e359dec5fad96589e2aca2035bf1550175607fe464b
                                                                                                                                                                                                            • Instruction ID: 0a8b25fc02807ee0eedd62416cd1431d6aff74b4a31a436d4bede089df674ad3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1ef8a9de1536f02e95633e359dec5fad96589e2aca2035bf1550175607fe464b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DBB0129127D401BC351451596C02D77018CC2C0B11330D52FF900D1242D4808C863032
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EE9BE7
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                             • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: 940a68d51571a405a9777e49f6a476e6b4b74ca8be52bbded2586c04535e3e2a
                                                                                                                                                                                                            • Instruction ID: 265255598623726afb4d7786023292686762bac8f9ba8b1868aa185fdce7620c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 940a68d51571a405a9777e49f6a476e6b4b74ca8be52bbded2586c04535e3e2a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7BB012A127D401BC350451296D02C7701CCC2C0B11330D51FF900D1242D5808C863032
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EE9BE7
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                             • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: 25a6e2431a9658046fe2a1ae8bdbec92f8de6a92f218ee73018a6de37b6bab46
                                                                                                                                                                                                            • Instruction ID: b18ff32fa239adad50a28bc73d151c933ed8024b33453269e6c19f1cee220524
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25a6e2431a9658046fe2a1ae8bdbec92f8de6a92f218ee73018a6de37b6bab46
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8B012A127D4017C310451196C02D77019CC3C0B11330951FF500D1242D4804CC6B032
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 00EE9BE7
                                                                                                                                                                                                              • Part of subcall function 00ED293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00ED29AF
                                                                                                                                                                                                              • Part of subcall function 00ED293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00ED29C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                             • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1269201914-0
                                                                                                                                                                                                            • Opcode ID: e18d326dd0c999c70495b7f8ffc481ce44fc9c8080a0a694d9b5736c3edead77
                                                                                                                                                                                                            • Instruction ID: 42b9cda3d3185b45fc04677f2d946e71558b45a5a31b4a74f55626b4bbe405a9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e18d326dd0c999c70495b7f8ffc481ce44fc9c8080a0a694d9b5736c3edead77
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DCB012A527D5017C320451196D02CB701CCC2C0B11330961FF900D1242D4804CCA3032
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                             • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                             • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrlen
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1659193697-0
                                                                                                                                                                                                            • Opcode ID: ae3948c131fcf5eb42eb9783574dc032fe6caa7543b0e0e58df1fe9c6371a487
                                                                                                                                                                                                            • Instruction ID: 974a04b10c3a3b5fa2f22806cd51f19428af3eb1060bc1674c1966fdf16933aa
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae3948c131fcf5eb42eb9783574dc032fe6caa7543b0e0e58df1fe9c6371a487
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 51E0ED37200119ABDB11CB89EC84D9AFB6DEBD5371714403BFA0487220D772AC25DBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,D49C76F0), ref: 00EA0571
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00EA05B7
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,SetEntriesInAclW), ref: 00EA05DD
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetFileSecurityW), ref: 00EA05E9
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,SetFileSecurityW), ref: 00EA05F5
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 00EA0601
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetExplicitEntriesFromAclW), ref: 00EA060D
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,RegGetKeySecurity), ref: 00EA061C
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,RegSetKeySecurity), ref: 00EA0628
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,InitializeSecurityDescriptor), ref: 00EA0634
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,SetSecurityDescriptorDacl), ref: 00EA0640
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetSecurityDescriptorDacl), ref: 00EA064C
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,AllocateAndInitializeSid), ref: 00EA0658
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,FreeSid), ref: 00EA0664
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,OpenThreadToken), ref: 00EA0670
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00EA067C
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,InitializeAcl), ref: 00EA0688
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,InitializeSid), ref: 00EA0694
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetSidSubAuthority), ref: 00EA06A0
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,AddAccessAllowedAce), ref: 00EA06AC
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetSecurityInfo), ref: 00EA06B8
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,SetSecurityInfo), ref: 00EA06C4
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,QueryServiceStatusEx), ref: 00EA06D0
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetAce), ref: 00EA06DC
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,DeleteAce), ref: 00EA06E8
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,EqualSid), ref: 00EA06F4
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetAclInformation), ref: 00EA0700
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,SetSecurityDescriptorControl), ref: 00EA070F
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 00EA07DE
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$CriticalSection$EnterFreeLeaveLibrary
                                                                                                                                                                                                            • String ID: AddAccessAllowedAce$AllocateAndInitializeSid$DeleteAce$EqualSid$FreeSid$GetAce$GetAclInformation$GetExplicitEntriesFromAclW$GetFileSecurityW$GetSecurityDescriptorDacl$GetSecurityInfo$GetSidSubAuthority$GetTokenInformation$InitializeAcl$InitializeSecurityDescriptor$InitializeSid$LookupAccountSidW$OpenThreadToken$QueryServiceStatusEx$RegGetKeySecurity$RegSetKeySecurity$SetEntriesInAclW$SetFileSecurityW$SetSecurityDescriptorControl$SetSecurityDescriptorDacl$SetSecurityInfo$advapi32.dll
                                                                                                                                                                                                            • API String ID: 2701342527-838666417
                                                                                                                                                                                                            • Opcode ID: 7230277d38755a6fd5f90f2a1507658f809e747df2bdb037bc75d913a158e007
                                                                                                                                                                                                            • Instruction ID: f938e73fcc4c3d0e124ae102360a3dd00ea704c0c2bbb717970887125cb97782
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7230277d38755a6fd5f90f2a1507658f809e747df2bdb037bc75d913a158e007
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21812C30940B15FEDF26AF61C848B95BFA0FF0A729F001517E50466AA0D775B4A9DFC2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 00EBF442
                                                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 00EBF488
                                                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 00EBF4C6
                                                                                                                                                                                                            • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 00EBF527
                                                                                                                                                                                                            • CertGetNameStringW.CRYPT32(00000000,00000005,00000000,00000000,00000000,00000000), ref: 00EBF5AD
                                                                                                                                                                                                            • CertGetNameStringW.CRYPT32(?,00000005,00000000,00000000,00000000,?), ref: 00EBF602
                                                                                                                                                                                                            • CertGetCertificateChain.CRYPT32(00000000,?,?,00000000,00000010,00000000,00000000,?), ref: 00EBF89C
                                                                                                                                                                                                            • CertFreeCertificateChain.CRYPT32(00000000), ref: 00EBF8B1
                                                                                                                                                                                                            • CertFreeCertificateChain.CRYPT32(00000000), ref: 00EBF8CB
                                                                                                                                                                                                              • Part of subcall function 00EBE760: CertGetCertificateContextProperty.CRYPT32(?,00000003,00000000,00000000), ref: 00EBE877
                                                                                                                                                                                                            • CertVerifyCertificateChainPolicy.CRYPT32(00000003,00000000,0000000C,00000014), ref: 00EBF906
                                                                                                                                                                                                            • CertFreeCertificateChain.CRYPT32(00000000), ref: 00EBF942
                                                                                                                                                                                                            • CertFreeCRLContext.CRYPT32(?), ref: 00EBFA73
                                                                                                                                                                                                            • CertFreeCRLContext.CRYPT32(00000000), ref: 00EBFAA6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Cert$Certificate$ChainFree$ContextCryptParam$NameString$FromPolicyPropertyStoreSubjectVerify
                                                                                                                                                                                                            • String ID: 4$Intel Corporation$McAfee, Inc.$McAfee, LLC$McAfee, LLC.$Yahoo! Inc.$e
                                                                                                                                                                                                            • API String ID: 2452394995-736075645
                                                                                                                                                                                                            • Opcode ID: 5e45325ccaf717cbcb3a7323cb924ac121c45013f157e7fae48c34a1dd3b21dd
                                                                                                                                                                                                            • Instruction ID: 7587544d93d40a51f6c54ca279ac759f5da915aa547c1a328b4e705c9585cee8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e45325ccaf717cbcb3a7323cb924ac121c45013f157e7fae48c34a1dd3b21dd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC12A170900229ABDF359F24CD49BEAB7B4EF29718F0451E5E809B7251E7719E84CF90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CryptQueryObject.CRYPT32(00000001,00EABDCE,00000400,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00EBEBD2
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00EBEBE4
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00EBEBF4
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00EBECEE
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00EBECFE
                                                                                                                                                                                                            • CryptQueryObject.CRYPT32(00000002,?,00003FFE,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00EBEDEE
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00EBEE0A
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00EBEE1C
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00EBEEB6
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00EBEEC2
                                                                                                                                                                                                              • Part of subcall function 00EBF3C0: CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 00EBF442
                                                                                                                                                                                                              • Part of subcall function 00EBF3C0: CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 00EBF488
                                                                                                                                                                                                              • Part of subcall function 00EBF3C0: CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 00EBF4C6
                                                                                                                                                                                                              • Part of subcall function 00EBF3C0: CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 00EBF527
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00EBEF02
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00EBEF14
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00EBEFAE
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00EBEFBA
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00EBEFDA
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00EBEFEA
                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 00EBF0CB
                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000001), ref: 00EBF0DB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Close$Crypt$CertStore$Param$ObjectQuery$CertificateFromSubject
                                                                                                                                                                                                            • String ID: 4
                                                                                                                                                                                                            • API String ID: 2648890560-804131889
                                                                                                                                                                                                            • Opcode ID: d4ea6584e00f8ab7a396f71515f6465bb7f5f61c4152eb958a79a9866d8aba30
                                                                                                                                                                                                            • Instruction ID: 5df26214c9e9716bd3b08bf8cd30e5dfb32d905297056282c5917adc0edc010a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d4ea6584e00f8ab7a396f71515f6465bb7f5f61c4152eb958a79a9866d8aba30
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F022B71E00209ABEF14DFA8CD99BEFBBB8AF08304F145519E501F7391D7B59A048BA4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?,D49C76F0,00000000,?,?,?,00EB3AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004,?), ref: 00EB2B73
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Dispatcher), ref: 00EB2B98
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Controller), ref: 00EB2BA7
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Release), ref: 00EB2BC8
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00EB2C46
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00EB2CC3
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00EB3AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004), ref: 00EB2CCB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to load library %s. Error 0x%08X, xrefs: 00EB2CD5
                                                                                                                                                                                                            • Controller, xrefs: 00EB2B9E
                                                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp, xrefs: 00EB2CE4
                                                                                                                                                                                                            • NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance, xrefs: 00EB2CDF
                                                                                                                                                                                                            • Release, xrefs: 00EB2BC2
                                                                                                                                                                                                            • Dispatcher, xrefs: 00EB2B92
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressLibraryProc$Free$ErrorLastLoad
                                                                                                                                                                                                            • String ID: Controller$Dispatcher$Failed to load library %s. Error 0x%08X$NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance$Release$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp
                                                                                                                                                                                                            • API String ID: 2058215185-435243658
                                                                                                                                                                                                            • Opcode ID: 739bf040a9f8d9e0ead50bcf203f995cf3302ce97fb28085d78fd158dc4d9e22
                                                                                                                                                                                                            • Instruction ID: 893f3bddf15ded31004b0d77907aa0f6417592404f0da3ce68228fee8e333621
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 739bf040a9f8d9e0ead50bcf203f995cf3302ce97fb28085d78fd158dc4d9e22
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 234147B0A41318AFDB00CFA9DA44B9EBFF4FF08710F15816AE505AB291D7B58904DFA5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,?), ref: 00E86268
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00E86274
                                                                                                                                                                                                            • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,?,?,?,?,?,?,?), ref: 00E863BF
                                                                                                                                                                                                            • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00E863DF
                                                                                                                                                                                                            • CryptHashData.ADVAPI32(00000000,?,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00E863FC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • 3c224a00-5d51-11cf-b3ca-000000000001, xrefs: 00E8671E
                                                                                                                                                                                                            • al exception rule %x:%x res %s, xrefs: 00E8632E
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Crypt$CurrentHash$AcquireContextCreateDataProcessThread
                                                                                                                                                                                                            • String ID: 3c224a00-5d51-11cf-b3ca-000000000001$al exception rule %x:%x res %s
                                                                                                                                                                                                            • API String ID: 3004248768-911235813
                                                                                                                                                                                                            • Opcode ID: 07b5c433cd5be597324b07a62250843d662260c926ad84335167bd45dc18f67b
                                                                                                                                                                                                            • Instruction ID: 3ca5d5b81e477581afddacfdbd83006ccf6af092d46d9bed3ffc265c830342c6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 07b5c433cd5be597324b07a62250843d662260c926ad84335167bd45dc18f67b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0F12835B012289FDB25DB14CC95BADBBB5BF48714F140099EA0EA7390DB74AE42DF90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00E867F3
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00E867FB
                                                                                                                                                                                                            • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 00E8687F
                                                                                                                                                                                                            • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 00E8689F
                                                                                                                                                                                                            • CryptHashData.ADVAPI32(00000000,?,00000000,00000000), ref: 00E868BC
                                                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(00000000,00000002,?,00000010,00000000), ref: 00E868DE
                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000), ref: 00E868EF
                                                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00E86902
                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 00E86951
                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(?,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 00E86980
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Freeing access handle %p, xrefs: 00E867D0
                                                                                                                                                                                                            • al exception rule %x:%x res %s, xrefs: 00E86824
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Crypt$Hash$ContextControlCurrentDevice$AcquireCreateDataDestroyParamProcessReleaseThread
                                                                                                                                                                                                            • String ID: Freeing access handle %p$al exception rule %x:%x res %s
                                                                                                                                                                                                            • API String ID: 581428007-3582322424
                                                                                                                                                                                                            • Opcode ID: 510d08a5723608260ddc7fb30c59e5af7cb93ee6b020cf067b53ac9dcaf075e6
                                                                                                                                                                                                            • Instruction ID: 705aef28fbade41627a5e33d8a987dac51aafcc4943297ab543640b99ad5e516
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 510d08a5723608260ddc7fb30c59e5af7cb93ee6b020cf067b53ac9dcaf075e6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EF515E71A00218ABEB34DB60DC49FDAB7B8AB14714F144195FA1DBA1C0DBB0EE85DF61
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 00EBF442
                                                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 00EBF488
                                                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 00EBF4C6
                                                                                                                                                                                                            • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 00EBF527
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CryptParam$CertCertificateFromStoreSubject
                                                                                                                                                                                                            • String ID: 1.3.6.1.4.1.311.2.4.1$e
                                                                                                                                                                                                            • API String ID: 738114118-2000729355
                                                                                                                                                                                                            • Opcode ID: 6e7ad9680339ce2f82611e818c281631df1138948725782a91ab5fb760dc29be
                                                                                                                                                                                                            • Instruction ID: fdf6e6898f49773b6f9af25470780b4fadd3a900f16ad6e3e89100fbc0349109
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e7ad9680339ce2f82611e818c281631df1138948725782a91ab5fb760dc29be
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72D15571D00219AFCB24CF68CC85BEEBBF5EF49314F1051A9E819B7251DB31AA44CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00F04E01), ref: 00F01CAE
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00F01D4C
                                                                                                                                                                                                            • GetACP.KERNEL32(?,?,?,?,?,?,00F000E4,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00F0C720
                                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00F000E4,?,?,?,00000055,?,-00000050,?,?), ref: 00F0C74B
                                                                                                                                                                                                            • _wcschr.LIBVCRUNTIME ref: 00F0C7DF
                                                                                                                                                                                                            • _wcschr.LIBVCRUNTIME ref: 00F0C7ED
                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00F0C8B4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                                                                                                                                                                            • String ID: utf8
                                                                                                                                                                                                            • API String ID: 4147378913-905460609
                                                                                                                                                                                                            • Opcode ID: bf4dbd7ee7ee573d8fee3efd28bbff589d18e1df485e14237ce07102bcf10fbc
                                                                                                                                                                                                            • Instruction ID: 693b18ed53d45adf6aaa9511f038b792bde66ad91ee7206cb562935fb15e2b59
                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf4dbd7ee7ee573d8fee3efd28bbff589d18e1df485e14237ce07102bcf10fbc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C671F532A00306AADB25AB75CC86BB673E8EF44710F14823AF905D71C1FB74E941B7A5
APIs
• GetLocaleInfoW.KERNEL32(?,2000000B,00F0D124,00000002,00000000,?,?,?,00F0D124,?,00000000), ref: 00F0CE9F
• GetLocaleInfoW.KERNEL32(?,20001004,00F0D124,00000002,00000000,?,?,?,00F0D124,?,00000000), ref: 00F0CEC8
• GetACP.KERNEL32(?,?,00F0D124,?,00000000), ref: 00F0CEDD
Strings
Memory Dump Source
• Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
Similarity
• API ID: InfoLocale
• String ID: ACP$OCP
• API String ID: 2299586839-711371036
• Opcode ID: dfb052aceb4d294e1ce150cd52d9413b22f8ad288f6ef166cb6a237e1bad0b26
• Instruction ID: 815bc74af3bd4c7bdaf73500b0a4db686e8fee5d9651ddc76d7b28fb7c8368f1
• Opcode Fuzzy Hash: dfb052aceb4d294e1ce150cd52d9413b22f8ad288f6ef166cb6a237e1bad0b26
• Instruction Fuzzy Hash: A6218632E00105EADB348F64D940BA773A7EB54B74B564664E90AD7294E732DE41F3D0
APIs
  • Part of subcall function 00F01CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00F04E01), ref: 00F01CAE
  • Part of subcall function 00F01CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00F01D4C
  • Part of subcall function 00F01CA9: _free.LIBCMT ref: 00F01D0B
  • Part of subcall function 00F01CA9: _free.LIBCMT ref: 00F01D41
• GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00F0D0E7
• IsValidCodePage.KERNEL32(00000000), ref: 00F0D130
• IsValidLocale.KERNEL32(?,00000001), ref: 00F0D13F
• GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00F0D187
• GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00F0D1A6
Memory Dump Source
• Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
Similarity
• API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
• String ID:
• API String ID: 949163717-0
• Opcode ID: e0df13863ce8f9bad6da0e4fb629738f1c412eec0d909f73a19909fc171b197c
• Instruction ID: 6e2cad6a4374822a9961221b6740d551080784049fabc0bd21c698e614ea1d85
• Opcode Fuzzy Hash: e0df13863ce8f9bad6da0e4fb629738f1c412eec0d909f73a19909fc171b197c
• Instruction Fuzzy Hash: F1517F72E0020AABEF20DFA5CC41BBA77B8BF05710F144529E915EB1D4DB709905BBA1
APIs
• VirtualQuery.KERNEL32(?,?,0000001C), ref: 00F17BE9
• GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 00F17BFD
• VirtualAlloc.KERNEL32(?,-00000001,00001000,00000004,?,?,?,0000001C), ref: 00F17C4D
• VirtualProtect.KERNEL32(?,-00000001,00000104,?,?,?,0000001C), ref: 00F17C62
Memory Dump Source
• Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
Similarity
• API ID: Virtual$AllocInfoProtectQuerySystem
• String ID:
• API String ID: 3562403962-0
• Opcode ID: 263a681462291ed34b28aa775c76a94b39ad373b7630aa092f0272b0b7eaf458
• Instruction ID: d2b15331227e451ce6c44d075d47f2d9451364efd381b6a434fdb41510a07cdc
• Opcode Fuzzy Hash: 263a681462291ed34b28aa775c76a94b39ad373b7630aa092f0272b0b7eaf458
• Instruction Fuzzy Hash: B8217472E0021DABCB20EBA5DD85EEFB7BDEB44750F150529E91AE7140EA30D944EBD0
APIs
• IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00EE93FE
• IsDebuggerPresent.KERNEL32 ref: 00EE94CA
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00EE94EA
• UnhandledExceptionFilter.KERNEL32(?), ref: 00EE94F4
Memory Dump Source
• Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
• String ID:
• API String ID: 254469556-0
• Opcode ID: 0b622a66cc503436c84fa3eda1e115baed54f4fff90e63fd43b18412237ad0a7
• Instruction ID: d332f0ac8901c53ac4dc6eb89a8abcb613bd14bc4717dddfbd999c553d3d0ad1
• Opcode Fuzzy Hash: 0b622a66cc503436c84fa3eda1e115baed54f4fff90e63fd43b18412237ad0a7
• Instruction Fuzzy Hash: 16313A75D0121CDBDB21DF65D989BCDBBF8AF04304F1050AAE40DA7291EB715A858F15
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00F04E01), ref: 00F01CAE
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00F01D4C
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: _free.LIBCMT ref: 00F01D0B
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: _free.LIBCMT ref: 00F01D41
                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F0CAD4
                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F0CB1E
                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F0CBE4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InfoLocale$ErrorLast_free
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3140898709-0
                                                                                                                                                                                                            • Opcode ID: ce796baf36c7f32b367d91fd5aaa92c790018bef030a618e7121080389a3e1ef
                                                                                                                                                                                                            • Instruction ID: 2a4c490fe8d6e4e5d9346c8872b589aa367e8a7107851fcb3af17cf0ef7e7bad
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ce796baf36c7f32b367d91fd5aaa92c790018bef030a618e7121080389a3e1ef
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53618171900217DBEB289F25CD82BBA77A8EF44310F14827AED05D61C5E774D981FB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00F680CC), ref: 00EED54B
                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00F680CC), ref: 00EED555
                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00F680CC), ref: 00EED562
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                                                                                            • Opcode ID: 89d995189365a0babe63c61ca445044558fd6349d01138e46758b4b36e51cd5d
                                                                                                                                                                                                            • Instruction ID: f0ecb7c125b6ea0483db644d415450b562a83475eeaf345069033b993a2dee3f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89d995189365a0babe63c61ca445044558fd6349d01138e46758b4b36e51cd5d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3831B2B490121C9BCB21DF29DD8978DBBF8BF18310F6051EAE41CA6291EB709B858F55
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00EE922B
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FeaturePresentProcessor
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2325560087-0
                                                                                                                                                                                                            • Opcode ID: 3b1c318df760839d3a87330e60bace3bab50930c0b5574d1de0fe2f71e51bf97
                                                                                                                                                                                                            • Instruction ID: 672661d8ae9c4f7f1a5bb1eec529487f5cf9bf1b18f2885bba4db80a2b95d43c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b1c318df760839d3a87330e60bace3bab50930c0b5574d1de0fe2f71e51bf97
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92519EB191030DDFEB14CF66E8857AABBF0FB48318F24856AC905EB2A1D3B49D40DB50
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 6dd56d122f24464b103987ce3b673ef98aa4777468fa4cbad67d04bd8b15f11a
                                                                                                                                                                                                            • Instruction ID: 015b79f3993a25e1eed62f0455f1c98bb83288734578cf4522158a64a6b8a309
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6dd56d122f24464b103987ce3b673ef98aa4777468fa4cbad67d04bd8b15f11a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4431B772D04219AFDB24EF69CC89DAB77BDEB84310F14456CF91597281FA70AE40EB50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00F04E01), ref: 00F01CAE
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00F01D4C
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: _free.LIBCMT ref: 00F01D0B
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: _free.LIBCMT ref: 00F01D41
                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F0CD34
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast_free$InfoLocale
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2003897158-0
                                                                                                                                                                                                            • Opcode ID: cd275110c50365ba96cabecc76035c464b4915b62324cc4ce84f1e540dd41179
                                                                                                                                                                                                            • Instruction ID: 25db5feae8fb789509195b162b7ee13d7e8656847b7498561950280e602d818b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cd275110c50365ba96cabecc76035c464b4915b62324cc4ce84f1e540dd41179
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E721D732A11206ABDB289B25DC42ABA7BACEF44314F10027AFD16D71C1EB75DD04B790
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00F04E01), ref: 00F01CAE
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00F01D4C
                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(00F0CA80,00000001,00000000,?,-00000050,?,00F0D0BB,00000000,?,?,?,00000055,?), ref: 00F0C9C4
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                                            • Opcode ID: 943884cb0e680804c2b229b5c1e2a2dce63e9edad3e93b90626ec9360be332a9
                                                                                                                                                                                                            • Instruction ID: f7dcc990397d785fe769707ecfa493ebe7dacc7dd213c37dd5a7c60b08148698
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 943884cb0e680804c2b229b5c1e2a2dce63e9edad3e93b90626ec9360be332a9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E91125366003059FDB189F39C8A15BABB92FF84328B18452DE98787A80D375A902E780
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00F04E01), ref: 00F01CAE
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00F01D4C
                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00F0CC9C,00000000,00000000,?), ref: 00F0CF38
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3736152602-0
                                                                                                                                                                                                            • Opcode ID: 6f63c09c3d4b0c47dd21c68a86b1d02123f0e9a54b66c8a44cf5caf1985b12a5
                                                                                                                                                                                                            • Instruction ID: 194dcd3048ac063438f7bea1343503c08eb508139809fbab92181d6c04d9198f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f63c09c3d4b0c47dd21c68a86b1d02123f0e9a54b66c8a44cf5caf1985b12a5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8DF04936A00113ABDB245765DC05BBA7B59EB40769F144624ED05A30C0DA34FE01F5E1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00F04E01), ref: 00F01CAE
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00F01D4C
                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(00F0CCE0,00000001,?,?,-00000050,?,00F0D07F,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00F0CA37
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                                            • Opcode ID: 30136720c8b8b026e71252842f352d515334a57ce9816136c7f34f59a8ea8d74
                                                                                                                                                                                                            • Instruction ID: e1916f5b91314760008849d40156788182f8bea97aa78ce972cb9df56a33ac18
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 30136720c8b8b026e71252842f352d515334a57ce9816136c7f34f59a8ea8d74
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CCF046327003085FDB249F39DC91ABABB95FF8136CB15812DF9458B6C0C2B9AC02F680
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00EFCD41: EnterCriticalSection.KERNEL32(?,?,00EFF653,00000000,00F5C338,0000000C,00EFF61A,?,?,00F03400,?,?,00F01E4B,00000001,00000364,00000006), ref: 00EFCD50
                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(00F03F60,00000001,00F5C4B8,0000000C,00F0447F,00000000), ref: 00F03FA5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1272433827-0
                                                                                                                                                                                                            • Opcode ID: efe4901489ed4b495ed283e4419882fb63fcdca01fc6a6d611e8cb5300d87dce
                                                                                                                                                                                                            • Instruction ID: 1628d0f5bcca945e3ec9b701a06502fff735ea4e0e17e41d093fd9ec4993d0c6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: efe4901489ed4b495ed283e4419882fb63fcdca01fc6a6d611e8cb5300d87dce
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EEF04F72A04209DFD700DF98E842B9C77F0EB04721F10812AF5109B2E1CB755A05EB41
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00F04E01), ref: 00F01CAE
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00F01D4C
                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(00F0C860,00000001,?,?,?,00F0D0DD,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00F0C93E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                                            • Opcode ID: 44dab55a3c15d7095921b2660841910568e6f88128fc25dc12f33328433be2da
                                                                                                                                                                                                            • Instruction ID: 3c461c165e7bf89b14c6528244fae820667aff08fc6435eaf9196f62c7c3a935
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44dab55a3c15d7095921b2660841910568e6f88128fc25dc12f33328433be2da
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4EF0553670020857CB159F7ADC06AAABF94EFC1B24B0A8059FE058B280C231D942F790
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,00EE5D32,00000000,?,00000004,00EE4946,?,00000004,00EE4D77,00000000,00000000), ref: 00EE7E40
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00F00C61,?,20001004,00000000,00000002,?,?,00F0024C), ref: 00F0460E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCrypt
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1563465135-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000895A0,00EE8A95), ref: 00EE958B
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00EE88FA: EnterCriticalSection.KERNEL32(00F6742C,?,?,?,00E8402B,00F6827C,D49C76F0,?,00E81171,?), ref: 00EE8905
                                                                                                                                                                                                              • Part of subcall function 00EE88FA: LeaveCriticalSection.KERNEL32(00F6742C,?,?,?,00E8402B,00F6827C,D49C76F0,?,00E81171,?), ref: 00EE8942
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(?,?,?,00E7E97C,D49C76F0,?,?,?,?,00F19590,000000FF), ref: 00E74676
                                                                                                                                                                                                              • Part of subcall function 00EE88B0: EnterCriticalSection.KERNEL32(00F6742C,?,?,00E84086,00F6827C,00F268E0,?), ref: 00EE88BA
                                                                                                                                                                                                              • Part of subcall function 00EE88B0: LeaveCriticalSection.KERNEL32(00F6742C,?,?,00E84086,00F6827C,00F268E0,?), ref: 00EE88ED
                                                                                                                                                                                                              • Part of subcall function 00EE88B0: RtlWakeAllConditionVariable.NTDLL ref: 00EE8964
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$ConditionHeapProcessVariableWake
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 325507722-0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • GetSystemTimePreciseAsFileTime, xrefs: 00F04629
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: GetSystemTimePreciseAsFileTime
                                                                                                                                                                                                            • API String ID: 0-595813830
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 404b226d35aa88299f5d918e89222d6b7cbdf7f1f8ef8d93ac762e7fc4cec0ca
                                                                                                                                                                                                            • Instruction ID: 3d7ed5339b440dacfc30cfb542f47b58c40bb711396c81824fc41b634ae3397e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 404b226d35aa88299f5d918e89222d6b7cbdf7f1f8ef8d93ac762e7fc4cec0ca
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2FF0C232E49724ABCA36EA5C8A18BA97798EB45B50F100185E201D72E0C6A0FE00F3C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: f626166b8502d2550b18cc4e8078b358027987ddbb78e1267b52549ce7ad336a
                                                                                                                                                                                                            • Instruction ID: ccde3c0a5eab1f8c8074c7a209b4045df671603da738ed15d6e7c87728f886a7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f626166b8502d2550b18cc4e8078b358027987ddbb78e1267b52549ce7ad336a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6F03072E14324AFDB26DB4CC915B8973ADEB45B54F114096F501E7291CAB4EE40E7C0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: bdf9593fe6a81976bbd583e8fd5933b1fd04f955dc7bd7039439a28c950e1ee4
                                                                                                                                                                                                            • Instruction ID: 0e556c04949ca0165899f1c41d170d22d4e5e150a18d2d70196b481fbfa2e9e0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: bdf9593fe6a81976bbd583e8fd5933b1fd04f955dc7bd7039439a28c950e1ee4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 61F0A031A15324FBCB22D78CD805A48B3ACEB44BA6F1140A6E140DB180C6B0ED41F7D0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: e987def8769bcac00432ddd4e9e7791ba2548d1561dedc4a3590fd0733c09369
                                                                                                                                                                                                            • Instruction ID: c07507f0b25f11b84754a3b2e7d65a250d653eb62ac797bb52b3060ad9d76d5d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e987def8769bcac00432ddd4e9e7791ba2548d1561dedc4a3590fd0733c09369
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1E08C72E16228EBCB14EB8CC94499AF3ECEB49B10B210496B501D3191C274EE00E7D0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00ED6AB6
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00ED6AC4
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00ED6AD5
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00ED6AE6
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00ED6AF7
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00ED6B08
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 00ED6B19
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00ED6B2A
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 00ED6B3B
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00ED6B4C
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00ED6B5D
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00ED6B6E
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00ED6B7F
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00ED6B90
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00ED6BA1
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00ED6BB2
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00ED6BC3
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00ED6BD4
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 00ED6BE5
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 00ED6BF6
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 00ED6C07
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00ED6C18
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 00ED6C29
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 00ED6C3A
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 00ED6C4B
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00ED6C5C
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00ED6C6D
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 00ED6C7E
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00ED6C8F
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00ED6CA0
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 00ED6CB1
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00ED6CC2
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 00ED6CD3
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00ED6CE4
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 00ED6CF5
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 00ED6D06
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 00ED6D17
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 00ED6D28
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00ED6D39
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 00ED6D4A
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 00ED6D5B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                                                                                            • String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • ctype.LIBCPMT ref: 00EDE830
                                                                                                                                                                                                              • Part of subcall function 00E73055: __Getctype.LIBCPMT ref: 00E73064
                                                                                                                                                                                                              • Part of subcall function 00ED7D5B: __EH_prolog3.LIBCMT ref: 00ED7D62
                                                                                                                                                                                                              • Part of subcall function 00ED7D5B: std::_Lockit::_Lockit.LIBCPMT ref: 00ED7D6C
                                                                                                                                                                                                              • Part of subcall function 00ED7D5B: std::_Lockit::~_Lockit.LIBCPMT ref: 00ED7DDD
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDE83E
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDE855
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDE89C
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDE8CF
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDE921
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDE936
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDE955
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDE974
                                                                                                                                                                                                            • collate.LIBCPMT ref: 00EDE97E
                                                                                                                                                                                                            • __Getcoll.LIBCPMT ref: 00EDE9C0
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDE9D4
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDEABD
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDEB18
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDEB74
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDEB89
                                                                                                                                                                                                              • Part of subcall function 00ED816E: __EH_prolog3.LIBCMT ref: 00ED8175
                                                                                                                                                                                                              • Part of subcall function 00ED816E: std::_Lockit::_Lockit.LIBCPMT ref: 00ED817F
                                                                                                                                                                                                              • Part of subcall function 00ED816E: std::_Lockit::~_Lockit.LIBCPMT ref: 00ED81F0
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDEBA8
                                                                                                                                                                                                              • Part of subcall function 00ED83C2: __EH_prolog3.LIBCMT ref: 00ED83C9
                                                                                                                                                                                                              • Part of subcall function 00ED83C2: std::_Lockit::_Lockit.LIBCPMT ref: 00ED83D3
                                                                                                                                                                                                              • Part of subcall function 00ED83C2: std::_Lockit::~_Lockit.LIBCPMT ref: 00ED8444
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDEBC7
                                                                                                                                                                                                              • Part of subcall function 00ED832D: __EH_prolog3.LIBCMT ref: 00ED8334
                                                                                                                                                                                                              • Part of subcall function 00ED832D: std::_Lockit::_Lockit.LIBCPMT ref: 00ED833E
                                                                                                                                                                                                              • Part of subcall function 00ED832D: std::_Lockit::~_Lockit.LIBCPMT ref: 00ED83AF
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDEBE6
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDEC38
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDEC7D
                                                                                                                                                                                                              • Part of subcall function 00EDDDD2: __EH_prolog3.LIBCMT ref: 00EDDDD9
                                                                                                                                                                                                              • Part of subcall function 00EDDDD2: _Getvals.LIBCPMT ref: 00EDDE2B
                                                                                                                                                                                                              • Part of subcall function 00EDDDD2: _Mpunct.LIBCPMT ref: 00EDDE66
                                                                                                                                                                                                              • Part of subcall function 00EDDDD2: _Mpunct.LIBCPMT ref: 00EDDE80
                                                                                                                                                                                                              • Part of subcall function 00ED8044: __EH_prolog3.LIBCMT ref: 00ED804B
                                                                                                                                                                                                              • Part of subcall function 00ED8044: std::_Lockit::_Lockit.LIBCPMT ref: 00ED8055
                                                                                                                                                                                                              • Part of subcall function 00ED8044: std::_Lockit::~_Lockit.LIBCPMT ref: 00ED80C6
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDEA41
                                                                                                                                                                                                              • Part of subcall function 00ED5688: Concurrency::cancel_current_task.LIBCPMT ref: 00ED5748
                                                                                                                                                                                                              • Part of subcall function 00ED5688: __EH_prolog3.LIBCMT ref: 00ED5755
                                                                                                                                                                                                              • Part of subcall function 00ED5688: std::locale::_Locimp::_Makeloc.LIBCPMT ref: 00ED5781
                                                                                                                                                                                                              • Part of subcall function 00ED5688: std::_Locinfo::~_Locinfo.LIBCPMT ref: 00ED578C
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDE9EB
                                                                                                                                                                                                              • Part of subcall function 00ED5688: __EH_prolog3.LIBCMT ref: 00ED568F
                                                                                                                                                                                                              • Part of subcall function 00ED5688: std::_Lockit::_Lockit.LIBCPMT ref: 00ED5699
                                                                                                                                                                                                              • Part of subcall function 00ED5688: std::_Lockit::~_Lockit.LIBCPMT ref: 00ED573D
                                                                                                                                                                                                              • Part of subcall function 00ED7F1A: __EH_prolog3.LIBCMT ref: 00ED7F21
                                                                                                                                                                                                              • Part of subcall function 00ED7F1A: std::_Lockit::_Lockit.LIBCPMT ref: 00ED7F2B
                                                                                                                                                                                                              • Part of subcall function 00ED7F1A: std::_Lockit::~_Lockit.LIBCPMT ref: 00ED7F9C
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDEA2C
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EDEA8A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Locimp::_std::locale::_$AddfacLocimp_$std::_$Lockit$H_prolog3$Lockit::_Lockit::~_$Mpunct$Concurrency::cancel_current_taskGetcollGetctypeGetvalsLocinfoLocinfo::~_Makeloccollatectype
                                                                                                                                                                                                            • String ID: u{jD
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00EE5D6D
                                                                                                                                                                                                            • collate.LIBCPMT ref: 00EE5D76
                                                                                                                                                                                                              • Part of subcall function 00EE4A42: __EH_prolog3_GS.LIBCMT ref: 00EE4A49
                                                                                                                                                                                                              • Part of subcall function 00EE4A42: __Getcoll.LIBCPMT ref: 00EE4AAD
                                                                                                                                                                                                              • Part of subcall function 00EE4A42: std::_Locinfo::~_Locinfo.LIBCPMT ref: 00EE4AC9
                                                                                                                                                                                                            • __Getcoll.LIBCPMT ref: 00EE5DBC
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE5DD0
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE5DE5
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE5E23
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE5E36
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE5E7C
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE5EB0
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE5F6B
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE5F7E
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE5F9B
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE5FB8
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE5FD5
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE5F0D
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • numpunct.LIBCPMT ref: 00EE6014
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE6024
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE6068
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE607B
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EE6098
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddfacLocimp::_Locimp_std::locale::_$std::_$GetcollLockit$H_prolog3H_prolog3_LocinfoLocinfo::~_Lockit::_Lockit::~_collatenumpunct
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2009638416-0
                                                                                                                                                                                                            • Opcode ID: 673854cafff2252d5a9c56f5a943a024d6a867e66950f77666f5ffc2ef57af37
                                                                                                                                                                                                            • Instruction ID: 2be6713a3cec4ace2258a40db95bcffcf551e0398a28a841ca41dd9a633a017d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 673854cafff2252d5a9c56f5a943a024d6a867e66950f77666f5ffc2ef57af37
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9B910DB2D057596BDB207B728C06B7F79E8DF01358F11551DF918BB382EB708900A7A2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Source, xrefs: 00EC07D1
                                                                                                                                                                                                            • DestDir, xrefs: 00EC0813
                                                                                                                                                                                                            • Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command, xrefs: 00EC0A3D, 00EC0A42
                                                                                                                                                                                                            • Failed to delete src cab (%d), xrefs: 00EC0A0D
                                                                                                                                                                                                            • invalid substitutor, xrefs: 00EC07C5
                                                                                                                                                                                                            • Unable to verify signature for file: %s, xrefs: 00EC0956
                                                                                                                                                                                                            • Unable to substitute variables for the EXTRACT_CAB_LOCAL command, xrefs: 00EC0A31
                                                                                                                                                                                                            • Unable to create destination directory (%d), xrefs: 00EC099B
                                                                                                                                                                                                            • Unable to substitute DeleteFile attribute, xrefs: 00EC08BC
                                                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp, xrefs: 00EC08E5, 00EC0962, 00EC09A7, 00EC09DE, 00EC0A19, 00EC0A49
                                                                                                                                                                                                            • Failed to parse DeleteFile as a boolean - default to false, xrefs: 00EC08D9
                                                                                                                                                                                                            • Failed to extract cab (%s), xrefs: 00EC09D2
                                                                                                                                                                                                            • NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand, xrefs: 00EC095D, 00EC09A2, 00EC09D9, 00EC0A14
                                                                                                                                                                                                            • DeleteFile, xrefs: 00EC086B
                                                                                                                                                                                                            • NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute, xrefs: 00EC08E0, 00EC0A44
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: DeleteFile$DestDir$Failed to delete src cab (%d)$Failed to extract cab (%s)$Failed to parse DeleteFile as a boolean - default to false$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand$Source$Unable to create destination directory (%d)$Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command$Unable to substitute DeleteFile attribute$Unable to substitute variables for the EXTRACT_CAB_LOCAL command$Unable to verify signature for file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp$invalid substitutor
                                                                                                                                                                                                            • API String ID: 0-2605792675
                                                                                                                                                                                                            • Opcode ID: 24677ee4a39439a7b8007a31bfecc3ed3c8ff141225b129c193b9719346f338f
                                                                                                                                                                                                            • Instruction ID: 4895b7d71c5ab3451518a0e18f7454b5f14b58a0f49701ab47f0d3ed9f2d1db5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 24677ee4a39439a7b8007a31bfecc3ed3c8ff141225b129c193b9719346f338f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2912170A40304EBDF14DF90D952FAEB7B4AF45715F04101DF9057B282EBB6A94ACBA2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E8DE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8DF0C
                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E8A143
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8A1AA
                                                                                                                                                                                                              • Part of subcall function 00E8E0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8E161
                                                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 00E8A1C1
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00E8A1DD
                                                                                                                                                                                                            • CreateSemaphoreW.KERNEL32(00000000,00000000,000003E8,00000000), ref: 00E8A24C
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00E8A268
                                                                                                                                                                                                            • ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,00000000), ref: 00E8A410
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001), ref: 00E8A46F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$CloseCreateHandleSemaphore$ErrorEventLastMtx_unlockRelease
                                                                                                                                                                                                            • String ID: E$Failed to create event semaphore$Failed to create stop event$Failed to initialize event sender$Failed to release semaphore. Error: $V
                                                                                                                                                                                                            • API String ID: 1380281556-3274429967
                                                                                                                                                                                                            • Opcode ID: 544b9dce4fda1b2698e78e050eb5a3c7f900870a65cc7a4d8d872247da5c7c45
                                                                                                                                                                                                            • Instruction ID: a35f1a3ddaf6148c1404c627f6faec9aabf251eb002b3f35b262e9e0c7ca2325
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 544b9dce4fda1b2698e78e050eb5a3c7f900870a65cc7a4d8d872247da5c7c45
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 78B10470A01209DBEB14EF60C846BEDB7B5FF40304F14516AE81D77281EB756A49CB92
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,D49C76F0,000000FF,00000000,00000000,00F1DF30,000000FF), ref: 00EC0FE8
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 00EC0FF8
                                                                                                                                                                                                            • CreateFileW.KERNEL32(000000FF,00000001,00000001,00000000,00000003,00000080,00000000,D49C76F0,000000FF,00000000,00000000,00F1DF30,000000FF), ref: 00EC1037
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00EC1058
                                                                                                                                                                                                            • GetFileSize.KERNEL32(?,?), ref: 00EC1088
                                                                                                                                                                                                            • CreateFileMappingW.KERNEL32(?,00000000,00000002,?,00000000,00000000), ref: 00EC109C
                                                                                                                                                                                                            • MapViewOfFileEx.KERNEL32(00000000,00000004,00000000,00000000,?,00000000), ref: 00EC10D9
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00EC10F0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h, xrefs: 00EC106B, 00EC110D
                                                                                                                                                                                                            • CreateFileTransactedW, xrefs: 00EC0FF2
                                                                                                                                                                                                            • Failed to map file to memory, xrefs: 00EC1101
                                                                                                                                                                                                            • NWebAdvisor::CFileMemMap::Init, xrefs: 00EC1066, 00EC1108
                                                                                                                                                                                                            • Failed to open the file: %d, xrefs: 00EC105F
                                                                                                                                                                                                            • kernel32.dll, xrefs: 00EC0FE3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$CreateHandle$AddressCloseErrorLastMappingModuleProcSizeView
                                                                                                                                                                                                            • String ID: CreateFileTransactedW$Failed to map file to memory$Failed to open the file: %d$NWebAdvisor::CFileMemMap::Init$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h$kernel32.dll
                                                                                                                                                                                                            • API String ID: 2423579280-2843467768
                                                                                                                                                                                                            • Opcode ID: 453c1a3dc5798fa7e3eeee8eb4c200e8c6d7727971eafaf1d8de0b3ec926b076
                                                                                                                                                                                                            • Instruction ID: ce32ae8c86cb349cf180706c031efd372f2b317a7b11cbd6009d4321c555460f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 453c1a3dc5798fa7e3eeee8eb4c200e8c6d7727971eafaf1d8de0b3ec926b076
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4141E570740305BBEB209F60CD07F6A77A4BB05B24F20165DFA11BA2C1D7F5A942DB95
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,?,00000000,00000028,00000028,00000000,00000000,Name,00000004,00000000,00000000,Key,00000003,D49C76F0), ref: 00EC30F1
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000008), ref: 00EC317C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Invalid substitutor, xrefs: 00EC3005
                                                                                                                                                                                                            • Key, xrefs: 00EC3013
                                                                                                                                                                                                            • Error opening HKLM registry key: %d, xrefs: 00EC30FC
                                                                                                                                                                                                            • NWebAdvisor::NXmlUpdater::parse_and_execute, xrefs: 00EC3103, 00EC315E, 00EC31A4, 00EC31CC
                                                                                                                                                                                                            • Unable to substitute variables for the DEL_REG_VALUE command, xrefs: 00EC31BC
                                                                                                                                                                                                            • Unable to read Key or Name for DEL_REG_VALUE command, xrefs: 00EC31C5
                                                                                                                                                                                                            • Cannnot delete registry value. Key or value not found. Key: %s Value: %s, xrefs: 00EC3157
                                                                                                                                                                                                            • Error (%d) deleting registry value (%s) in key: %s, xrefs: 00EC319D
                                                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp, xrefs: 00EC3108, 00EC3163, 00EC31A9, 00EC31D1
                                                                                                                                                                                                            • Name, xrefs: 00EC3055
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpen
                                                                                                                                                                                                            • String ID: Cannnot delete registry value. Key or value not found. Key: %s Value: %s$Error (%d) deleting registry value (%s) in key: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Name$Unable to read Key or Name for DEL_REG_VALUE command$Unable to substitute variables for the DEL_REG_VALUE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHGetSpecialFolderPathW.SHELL32(00000000,00F5F278,00000023,00000001,00000004,00000000,00000000), ref: 00EA8462
                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(00F5F278,00000000,00F5F278,00000104,\McAfee\), ref: 00EA8491
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00EA849D
                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(00F5F278,00000000,00F5F278,00000104,00F5F070), ref: 00EA84C5
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00EA84CB
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,00000104), ref: 00EA84FC
                                                                                                                                                                                                            • StrRChrW.SHLWAPI(?,00000000,0000005C), ref: 00EA8511
                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(00F5F278,00000000,00F5F278,00000104,00000000), ref: 00EA852E
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00EA8534
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00EA85B9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateDirectoryErrorLast$CountFileFolderModuleNamePathSpecialTick
                                                                                                                                                                                                            • String ID: %uFile:%sFunction:%sLine:%d$\McAfee\$\log.txt
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _free$Info
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8B311
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8B3AA
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8B43B
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8B21A
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8B64F
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E8B67C
                                                                                                                                                                                                              • Part of subcall function 00E91230: InitOnceBeginInitialize.KERNEL32(00F6823C,00000000,?,00000000,?,?,?,?,00000000,00000000,?,D49C76F0,?,?), ref: 00E9125A
                                                                                                                                                                                                              • Part of subcall function 00E91230: InitOnceComplete.KERNEL32(00F6823C,00000000,00000000), ref: 00E91278
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Error unable to encode the hash in Base64, xrefs: 00E8B40B
                                                                                                                                                                                                            • Failed to allocate HMAC buffer, xrefs: 00E8B276
                                                                                                                                                                                                            • HMAC creator initialization failed, xrefs: 00E8B17D
                                                                                                                                                                                                            • HMAC failed to get digest size, xrefs: 00E8B1EA
                                                                                                                                                                                                            • Invalid arguments supplied to HMACSha256 hash., xrefs: 00E8B61C
                                                                                                                                                                                                            • Failed to allocate HMAC base64 buffer, xrefs: 00E8B37A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitialize$Concurrency::cancel_current_task
                                                                                                                                                                                                            • String ID: Error unable to encode the hash in Base64$Failed to allocate HMAC base64 buffer$Failed to allocate HMAC buffer$HMAC creator initialization failed$HMAC failed to get digest size$Invalid arguments supplied to HMACSha256 hash.
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,00000003,?,?), ref: 00EF5B0F
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,00000003,?,?), ref: 00EF5B33
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Module$FileHandleName
                                                                                                                                                                                                            • String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program: $\
                                                                                                                                                                                                            • API String ID: 4146042529-3261600717
                                                                                                                                                                                                            • Opcode ID: 002ebce5ebc3c84c895ca1b80f5fb15dd42738ac1a66fa0aa76765e807e70917
                                                                                                                                                                                                            • Instruction ID: 8c5e1f17c5db3bf409bdc78b41569fdb218ca8ce001399807ce406b67bfef5bf
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 002ebce5ebc3c84c895ca1b80f5fb15dd42738ac1a66fa0aa76765e807e70917
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 71C12873B0060E66DB24AB648C4AFBB77A8EFB4744F0415A8FF19F2142F7309E528565
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00EB0490: CreateDirectoryW.KERNEL32(?,00000000,?), ref: 00EB04AA
                                                                                                                                                                                                              • Part of subcall function 00EB0490: GetLastError.KERNEL32 ref: 00EB04B8
                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,?,00000000,00000000,00000000,0000005C,00000001,00000000), ref: 00EB0BB5
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00EB0BC2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateErrorLast$DirectoryFile
                                                                                                                                                                                                            • String ID: _$CreateDir failed for %s$CreateFile failed for %s: %d$NWebAdvisor::NUtils::StoreBufferInFile$WriteFile failed: %d$\$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileUtils.cpp
                                                                                                                                                                                                            • API String ID: 1552088572-3997847135
                                                                                                                                                                                                            • Opcode ID: 1140b17e247a1acfc616d6d17754e3539d99fde34d0b0a53247e203c4f651808
                                                                                                                                                                                                            • Instruction ID: 04d341b2e16e0463350575c06784dcc3fc233e8b2e9c1301da4144625416e656
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1140b17e247a1acfc616d6d17754e3539d99fde34d0b0a53247e203c4f651808
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D3A18E71D00308DEDF14DFA4C855BEEBBB4BF58318F145219E909BB191EB706A85CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00EC3545
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                            • String ID: Cannnot delete registry key. Not found: %s$Error (%d) deleting registry key tree: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Unable to read Key for DEL_REG_TREE command$Unable to substitute variables for the DEL_REG_TREE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_tree_command.cpp
                                                                                                                                                                                                            • API String ID: 3535843008-3762851336
                                                                                                                                                                                                            • Opcode ID: b194d2197106b1fb99c98162e811865fe2fc2f78397cae995c4789193feb22d9
                                                                                                                                                                                                            • Instruction ID: 9b7429b3b389ef12d5ad12cc5212d1f0de2c3225aa50fd16beca837dba95ed7f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b194d2197106b1fb99c98162e811865fe2fc2f78397cae995c4789193feb22d9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2971F331A40204ABDF14DF64C952FAEB7B4FF05714F549118E9217B282CB72EA02DBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(00F6742C,00000FA0,?,?,00EE87C5), ref: 00EE87F3
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00EE87C5), ref: 00EE87FE
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00EE87C5), ref: 00EE880F
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00EE8821
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00EE882F
                                                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00EE87C5), ref: 00EE8852
                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(00F6742C,00000007,?,?,00EE87C5), ref: 00EE8875
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00EE87C5), ref: 00EE8885
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00EE87F9
                                                                                                                                                                                                            • WakeAllConditionVariable, xrefs: 00EE8827
                                                                                                                                                                                                            • kernel32.dll, xrefs: 00EE880A
                                                                                                                                                                                                            • SleepConditionVariableCS, xrefs: 00EE881B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                                                            • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                            • API String ID: 2565136772-3242537097
                                                                                                                                                                                                            • Opcode ID: c8a4c158a1db5366e7eee558ad589107d70ad5c2eb4394e7644dfa2266b2971f
                                                                                                                                                                                                            • Instruction ID: 30075de5ee5c1a9b06f75d93c9a9585c14f6d9955a83d94198f99467398ecb5f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c8a4c158a1db5366e7eee558ad589107d70ad5c2eb4394e7644dfa2266b2971f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9B017131A45719ABD730AB76AD0DF163E98EF84B59B541430FD19F31A0DEB0C802B766
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 00F0BC83
                                                                                                                                                                                                              • Part of subcall function 00F0AFC7: _free.LIBCMT ref: 00F0AFE4
                                                                                                                                                                                                              • Part of subcall function 00F0AFC7: _free.LIBCMT ref: 00F0AFF6
                                                                                                                                                                                                              • Part of subcall function 00F0AFC7: _free.LIBCMT ref: 00F0B008
                                                                                                                                                                                                              • Part of subcall function 00F0AFC7: _free.LIBCMT ref: 00F0B01A
                                                                                                                                                                                                              • Part of subcall function 00F0AFC7: _free.LIBCMT ref: 00F0B02C
                                                                                                                                                                                                              • Part of subcall function 00F0AFC7: _free.LIBCMT ref: 00F0B03E
                                                                                                                                                                                                              • Part of subcall function 00F0AFC7: _free.LIBCMT ref: 00F0B050
                                                                                                                                                                                                              • Part of subcall function 00F0AFC7: _free.LIBCMT ref: 00F0B062
                                                                                                                                                                                                              • Part of subcall function 00F0AFC7: _free.LIBCMT ref: 00F0B074
                                                                                                                                                                                                              • Part of subcall function 00F0AFC7: _free.LIBCMT ref: 00F0B086
                                                                                                                                                                                                              • Part of subcall function 00F0AFC7: _free.LIBCMT ref: 00F0B098
                                                                                                                                                                                                              • Part of subcall function 00F0AFC7: _free.LIBCMT ref: 00F0B0AA
                                                                                                                                                                                                              • Part of subcall function 00F0AFC7: _free.LIBCMT ref: 00F0B0BC
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BC78
                                                                                                                                                                                                              • Part of subcall function 00F02098: RtlFreeHeap.NTDLL(00000000,00000000,?,00F0B729,?,00000000,?,?,?,00F0B9CC,?,00000007,?,?,00F0BDD6,?), ref: 00F020AE
                                                                                                                                                                                                              • Part of subcall function 00F02098: GetLastError.KERNEL32(?,?,00F0B729,?,00000000,?,?,?,00F0B9CC,?,00000007,?,?,00F0BDD6,?,?), ref: 00F020C0
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BC9A
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BCAF
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BCBA
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BCDC
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BCEF
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BCFD
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BD08
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BD40
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BD47
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BD64
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BD7C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 161543041-0
                                                                                                                                                                                                            • Opcode ID: c6442da9fbfa91b369875281e00f73be946f4ac270266b2bcad61d8e5ab311dd
                                                                                                                                                                                                            • Instruction ID: 8a149c3fed5d1960ff8085b774bd94229654c99984dcd2949b9e79bfe3a3f9cc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c6442da9fbfa91b369875281e00f73be946f4ac270266b2bcad61d8e5ab311dd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B314E31A007059FEB31AA39DC49B5AB7E9EF11321F148829E859D72D1DF75AC44FB20
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8E8A8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Authorization: , xrefs: 00E8E8EB
                                                                                                                                                                                                            • Failed to create access token, xrefs: 00E8E881
                                                                                                                                                                                                            • HTTP send request failed for Azure: , xrefs: 00E8EB62
                                                                                                                                                                                                            • HTTP status error for Azure: , xrefs: 00E8EA71
                                                                                                                                                                                                            • HTTP receive response failed for Azure: , xrefs: 00E8EAE7
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
                                                                                                                                                                                                            • String ID: Authorization: $Failed to create access token$HTTP receive response failed for Azure: $HTTP send request failed for Azure: $HTTP status error for Azure:
                                                                                                                                                                                                            • API String ID: 539357862-3146981654
                                                                                                                                                                                                            • Opcode ID: 8e8713703cf3ba93be344a80dac09cd9d17913f206647bef57d265c089f4f2be
                                                                                                                                                                                                            • Instruction ID: 3911f52e4c98caf1831d334a20e60e6a9c517e2653a6273467b83ae3e044dcb8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e8713703cf3ba93be344a80dac09cd9d17913f206647bef57d265c089f4f2be
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7D17D70A0025D9FDB28EB60CD45BEDB7B8AF44304F5094D8E50DB7281DB70AA88DFA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00E9BE2F
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00E9BE51
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00E9BE71
                                                                                                                                                                                                            • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00E9BFCD
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00E9BFDA
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00E9BFFC
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E9C01E
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E9C023
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E9C028
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Concurrency::cancel_current_task$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                                                            • String ID: false$true
                                                                                                                                                                                                            • API String ID: 2461315636-2658103896
                                                                                                                                                                                                            • Opcode ID: 387a34989873ffd72ec86829a97a5bdf783dc331db091a025381ca6a2c1cce2b
                                                                                                                                                                                                            • Instruction ID: 5a22e591f897fdc34bebcdcaadae4591b0a5ea9d0aa660c52bef49df068e095b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 387a34989873ffd72ec86829a97a5bdf783dc331db091a025381ca6a2c1cce2b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D61CB70A002099FDB10DFA4DA41BAEBBF4FF50304F10511EE915BB391DBB5AA46DB92
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                            • Opcode ID: fa43d08e673bb6cc07672bf816765f4baea140d778a2a46c90efc4c0653964e6
                                                                                                                                                                                                            • Instruction ID: a8a9bb6ed0c64d803a4afaeeeafa7be600fed385d408490c0433d99db976f26f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa43d08e673bb6cc07672bf816765f4baea140d778a2a46c90efc4c0653964e6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3DC14176D40204AFDB20DBA8CC82FEE77F8AB09750F154165FE45EB2C2D6749941ABA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E7BA20: Concurrency::cancel_current_task.LIBCPMT ref: 00E7BB9D
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8DBE9
                                                                                                                                                                                                              • Part of subcall function 00E8D740: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8D7E7
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8DB35
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8DF0C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitialize
                                                                                                                                                                                                            • String ID: &se=$&sig=$&skn=$Event Sender already initialized for Azure$Failed to create HMACSha256 Hash$Failed to escape hash$SharedAccessSignature sr=
                                                                                                                                                                                                            • API String ID: 3638550806-2007429668
                                                                                                                                                                                                            • Opcode ID: 54089363be9e8368300770da5a44dbef2df78378d5191d690875d39b2e84e977
                                                                                                                                                                                                            • Instruction ID: 84824f8dd3183bb9a798ae73dfddd1bb84759e1db5ef7c9670a7cef96f9ea971
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 54089363be9e8368300770da5a44dbef2df78378d5191d690875d39b2e84e977
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FAE1DF70D04258ABDF18EBA4DC89BDDB7B5AF45304F109298E40CB7292EB75AB84CF51
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,00F4A536,00000003), ref: 00EA91C9
                                                                                                                                                                                                            • FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 00EA91DE
                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 00EA91EE
                                                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 00EA91FD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to retrieve kernel verison, xrefs: 00EA932C
                                                                                                                                                                                                            • NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion, xrefs: 00EA927F, 00EA9336
                                                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp, xrefs: 00EA9284, 00EA933B
                                                                                                                                                                                                            • Failed to format version, xrefs: 00EA9275
                                                                                                                                                                                                            • %d.%d.%d.%d, xrefs: 00EA925E
                                                                                                                                                                                                            • kernel32.dll, xrefs: 00EA91B8
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Resource$FindHandleLoadLockModule
                                                                                                                                                                                                            • String ID: %d.%d.%d.%d$Failed to format version$Failed to retrieve kernel verison$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32.dll
                                                                                                                                                                                                            • API String ID: 3968257194-3470154288
                                                                                                                                                                                                            • Opcode ID: 322ede406819cbfee26675c9e1a4f4e14bc0ad7a6cefb7ac305b8fddca013bec
                                                                                                                                                                                                            • Instruction ID: d2cee4bd3df18497a3310cea631a0afe49be0b2b77b508784cf13c0e1df9fb04
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 322ede406819cbfee26675c9e1a4f4e14bc0ad7a6cefb7ac305b8fddca013bec
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A151F670A003149BDF249F25DC45BABB7F4EF09708F10159DE90AAB2C2EB75AA45CB91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00ED5853
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00ED5866
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00ED58AB
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00ED58DF
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00ED5933
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00ED5946
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00ED5963
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00ED5980
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00ED59BD
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00ED59D0
                                                                                                                                                                                                            • std::locale::_Locimp::_Makeushloc.LIBCPMT ref: 00ED59F8
                                                                                                                                                                                                              • Part of subcall function 00E9C930: __Getctype.LIBCPMT ref: 00E9C948
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Locimp::_std::locale::_$AddfacLocimp_$Lockitstd::_$GetctypeLockit::_Lockit::~_Makeushloc
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1462480416-0
                                                                                                                                                                                                            • Opcode ID: d9482d5ef1a290a6e6fca420a827841241be1d9f179c9dcd69ddf176d3eb2f1a
                                                                                                                                                                                                            • Instruction ID: 6ae213a147198b7cb22c5a6f5a6173705fa153e4f4b081800426f195700edf59
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d9482d5ef1a290a6e6fca420a827841241be1d9f179c9dcd69ddf176d3eb2f1a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08511AB29016056FDB257B718C56A7F39ECDF51364F50642EF918B7382EF308902A2B2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __Mtx_destroy_in_situ.LIBCPMT ref: 00E89C1A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Wait failed: , xrefs: 00E8A93F
                                                                                                                                                                                                            • Wait timeout. Should not have gotten this..., xrefs: 00E8A86F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Mtx_destroy_in_situ
                                                                                                                                                                                                            • String ID: Wait failed: $Wait timeout. Should not have gotten this...
                                                                                                                                                                                                            • API String ID: 3543493169-4232610396
                                                                                                                                                                                                            • Opcode ID: fa32d134d9851c81a72e59b343685a3df8f0a009a66da4cb620e4339f61fc475
                                                                                                                                                                                                            • Instruction ID: 6395d874d0e9da1e29062485bb0bcec503d62eb6b354a0d2fef0fb3741153a93
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa32d134d9851c81a72e59b343685a3df8f0a009a66da4cb620e4339f61fc475
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 05E18CB0A00A449EEB24DF74C884BEBB7F5FF04304F14152EE56EA7281DB75A944CB96
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsInExceptionSpec.LIBVCRUNTIME ref: 00EEC435
                                                                                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 00EEC457
                                                                                                                                                                                                            • ___TypeMatch.LIBVCRUNTIME ref: 00EEC566
                                                                                                                                                                                                            • IsInExceptionSpec.LIBVCRUNTIME ref: 00EEC638
                                                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 00EEC6BC
                                                                                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 00EEC6D7
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                                            • API String ID: 2123188842-393685449
                                                                                                                                                                                                            • Opcode ID: 2c922d84fe963aa8ed5e86b1117e348b5fb905fcc8092f6aac566a6e33534558
                                                                                                                                                                                                            • Instruction ID: c965673d9414ef2079afef12a25e9a15f5c6ec8f26535501d036b910c0a20d38
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c922d84fe963aa8ed5e86b1117e348b5fb905fcc8092f6aac566a6e33534558
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4CB16A7180028EEFCF15DFA6C9819AFBBB5BF04318B246159E8157B252D331EA52CF91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(D49C76F0,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 00E869E9
                                                                                                                                                                                                            • CloseHandle.KERNEL32(D49C76F0,?,?,00000000), ref: 00E869FB
                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 00E86A2A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 00E86A3D
                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mfeaaca.dll,?), ref: 00E86A8B
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,NotComDllUnload), ref: 00E86A9E
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00E86AB8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$CloseControlDevice$AddressFreeLibraryModuleProc
                                                                                                                                                                                                            • String ID: NotComDllUnload$mfeaaca.dll
                                                                                                                                                                                                            • API String ID: 2321898493-1077453148
                                                                                                                                                                                                            • Opcode ID: 8ebe64e7d8cd000f07a2a49606534156ffefe886b7cbb67b6a161a9c4d67b78e
                                                                                                                                                                                                            • Instruction ID: f852b6e0e749f64252b103da5320f7481fd0ef1ab80ed00ade97029e81e766d1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ebe64e7d8cd000f07a2a49606534156ffefe886b7cbb67b6a161a9c4d67b78e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D1316F753003059BDB24EF24DC89B2A7BA8AF44B15F244659F91DBB2D0DB70EC05CB92
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp, xrefs: 00EC432A, 00EC438D, 00EC43DD
                                                                                                                                                                                                            • NWebAdvisor::CHttpTransaction::Connect, xrefs: 00EC43D8
                                                                                                                                                                                                            • Unable to set proxy option, error: %d, xrefs: 00EC43CE
                                                                                                                                                                                                            • NWebAdvisor::CHttpTransaction::SetAutoProxy, xrefs: 00EC4325
                                                                                                                                                                                                            • # SetAutoProxy: Can't get proxy. Err: %d, xrefs: 00EC431E
                                                                                                                                                                                                            • NWebAdvisor::CHttpTransaction::SetAutoProxyUrl, xrefs: 00EC4388
                                                                                                                                                                                                            • # SetAutoProxyUrl: Can't get proxy. Err: %d, xrefs: 00EC4381
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                                            • String ID: # SetAutoProxy: Can't get proxy. Err: %d$# SetAutoProxyUrl: Can't get proxy. Err: %d$NWebAdvisor::CHttpTransaction::Connect$NWebAdvisor::CHttpTransaction::SetAutoProxy$NWebAdvisor::CHttpTransaction::SetAutoProxyUrl$Unable to set proxy option, error: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp
                                                                                                                                                                                                            • API String ID: 1452528299-2881327693
                                                                                                                                                                                                            • Opcode ID: 93f59a9a7dc5bbea0c63135d5e5fecc0a6abddb848318da6012023fa220cf422
                                                                                                                                                                                                            • Instruction ID: a54ba527f1e99077bbbfbc3e5a26fa03239e3d94b9fcbea2d0effab235848e2b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 93f59a9a7dc5bbea0c63135d5e5fecc0a6abddb848318da6012023fa220cf422
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE417DB0E40309AFEB10CFA8CD55FAEB7F8EF58714F00811AE914B6280DBB59954DB65
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F01BA7
                                                                                                                                                                                                              • Part of subcall function 00F02098: RtlFreeHeap.NTDLL(00000000,00000000,?,00F0B729,?,00000000,?,?,?,00F0B9CC,?,00000007,?,?,00F0BDD6,?), ref: 00F020AE
                                                                                                                                                                                                              • Part of subcall function 00F02098: GetLastError.KERNEL32(?,?,00F0B729,?,00000000,?,?,?,00F0B9CC,?,00000007,?,?,00F0BDD6,?,?), ref: 00F020C0
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F01BB3
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F01BBE
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F01BC9
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F01BD4
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F01BDF
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F01BEA
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F01BF5
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F01C00
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F01C0E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                            • Opcode ID: 0ba37532acb08f144b9df1dac8c968c8d4ded81d98656b0036988241194d550c
                                                                                                                                                                                                            • Instruction ID: d20faed0d7ec3b0b6a52a4d3c395f854a239a5d527b0938e742f937c7eb6a2d4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ba37532acb08f144b9df1dac8c968c8d4ded81d98656b0036988241194d550c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B21AD76900108AFCB41EFA4CC85DDD7BB9FF09340F4085A5F915AB261DB35DA48EB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00EE1617
                                                                                                                                                                                                              • Part of subcall function 00ED7DF0: __EH_prolog3.LIBCMT ref: 00ED7DF7
                                                                                                                                                                                                              • Part of subcall function 00ED7DF0: std::_Lockit::_Lockit.LIBCPMT ref: 00ED7E01
                                                                                                                                                                                                              • Part of subcall function 00ED7DF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00ED7E72
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                            • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                            • API String ID: 1538362411-2891247106
                                                                                                                                                                                                            • Opcode ID: 0ad96588a37992e0b659e9477ee12a77f74765740d03c81413b37b5986261ed7
                                                                                                                                                                                                            • Instruction ID: dd8d25631ea96f36e9d1d58b6661f2565a998ba702521388ddfe1183d9ef3df4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ad96588a37992e0b659e9477ee12a77f74765740d03c81413b37b5986261ed7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0FB18B7190024EABCF19DF69C965DFE7BB9FF49704F04519AFA02B2291D231CA90DB21
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00EE19E7
                                                                                                                                                                                                              • Part of subcall function 00E732DE: __EH_prolog3_GS.LIBCMT ref: 00E732E5
                                                                                                                                                                                                              • Part of subcall function 00E732DE: std::_Lockit::_Lockit.LIBCPMT ref: 00E732F2
                                                                                                                                                                                                              • Part of subcall function 00E732DE: std::_Lockit::~_Lockit.LIBCPMT ref: 00E73360
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Lockitstd::_$H_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                            • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                            • API String ID: 2728201062-2891247106
                                                                                                                                                                                                            • Opcode ID: a35229353a07f9dc13d6d0a23d9fb92411297598ed620a28c66a6103cfe5c100
                                                                                                                                                                                                            • Instruction ID: 9b6f9bd4cbc1c03bd4d8bd0e4ef13f86330b8d1329e2508c2f3cf48497f30531
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a35229353a07f9dc13d6d0a23d9fb92411297598ed620a28c66a6103cfe5c100
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F3B1AC7194024EABCF19DF6ACD65DFE7BB9EF05308F145199FA02B2261D231CA90DB10
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00EE6947
                                                                                                                                                                                                              • Part of subcall function 00E9C960: std::_Lockit::_Lockit.LIBCPMT ref: 00E9C995
                                                                                                                                                                                                              • Part of subcall function 00E9C960: std::_Lockit::_Lockit.LIBCPMT ref: 00E9C9B7
                                                                                                                                                                                                              • Part of subcall function 00E9C960: std::_Lockit::~_Lockit.LIBCPMT ref: 00E9C9D7
                                                                                                                                                                                                              • Part of subcall function 00E9C960: std::_Lockit::~_Lockit.LIBCPMT ref: 00E9CAB1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                            • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                            • API String ID: 1383202999-2891247106
                                                                                                                                                                                                            • Opcode ID: a9cf8568057a5dc7c4196173cbf556ae5df2b209ac6b7b9fa2fec3158d43e932
                                                                                                                                                                                                            • Instruction ID: 89c7f988066f2401a3dfc156e37ca9f63a9a29f726a36f9db10b354b1cdf959f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a9cf8568057a5dc7c4196173cbf556ae5df2b209ac6b7b9fa2fec3158d43e932
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4B1DE7190014EABCF19DF6AC955DFE7BB9EB24398F106129FA46B6291D331CA10DB20
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00000000,?,?,D49C76F0,00000000), ref: 00EC0E20
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00EC0E2E
                                                                                                                                                                                                              • Part of subcall function 00EC0FA0: GetModuleHandleW.KERNEL32(kernel32.dll,D49C76F0,000000FF,00000000,00000000,00F1DF30,000000FF), ref: 00EC0FE8
                                                                                                                                                                                                              • Part of subcall function 00EC0FA0: GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 00EC0FF8
                                                                                                                                                                                                              • Part of subcall function 00EC0FA0: GetLastError.KERNEL32 ref: 00EC1058
                                                                                                                                                                                                              • Part of subcall function 00EA8650: std::locale::_Init.LIBCPMT ref: 00EA882F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Unable to create desusertion directory (%d), xrefs: 00EC0D94
                                                                                                                                                                                                            • Failed to load cab %s, xrefs: 00EC0F05
                                                                                                                                                                                                            • NWebAdvisor::CCabParser::GetContentFile, xrefs: 00EC0D9B, 00EC0E3C
                                                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 00EC0DA0, 00EC0E41, 00EC0F11
                                                                                                                                                                                                            • CreateFile failed: %d, xrefs: 00EC0E35
                                                                                                                                                                                                            • NWebAdvisor::CCabParser::LoadCabFile, xrefs: 00EC0F0C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$AddressCreateFileHandleInitModuleProcstd::locale::_
                                                                                                                                                                                                            • String ID: CreateFile failed: %d$Failed to load cab %s$NWebAdvisor::CCabParser::GetContentFile$NWebAdvisor::CCabParser::LoadCabFile$Unable to create desusertion directory (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                                            • API String ID: 1808632809-3418505487
                                                                                                                                                                                                            • Opcode ID: 2ad2b0d59be1ca0256c9b01ea6bd02a13660812b648d80668968898354203239
                                                                                                                                                                                                            • Instruction ID: 3ca388e941208c459308a7f421f5e3c95f274230731f4fa9dad0c40103e10251
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ad2b0d59be1ca0256c9b01ea6bd02a13660812b648d80668968898354203239
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E918F71A00208EFDB14DFA4D996FDEB7B8EB08714F20812DE515B7281D771AA06DB51
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,?), ref: 00ED1CB1
                                                                                                                                                                                                            • CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,?), ref: 00ED1CE5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CertCertificateContextProperty
                                                                                                                                                                                                            • String ID: 1.2.840.10045.4.1$1.2.840.10045.4.3$1.2.840.10045.4.3.2$1.2.840.10045.4.3.3$1.2.840.10045.4.3.4$MUSARUBRA US LLC
                                                                                                                                                                                                            • API String ID: 665277682-2910604786
                                                                                                                                                                                                            • Opcode ID: dba6c1001b42ba2f9659de56f9479b57318699da0c4b51e130856a867ded9a04
                                                                                                                                                                                                            • Instruction ID: b165ebbbac1a516292f4e4ba52bee4ab0422d3762d34689ee1be1c1fdb00aebc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: dba6c1001b42ba2f9659de56f9479b57318699da0c4b51e130856a867ded9a04
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC517A716043016FCB24DF24D881A66F7E2FF40329F0851BEE856A7352D721EC06C7A2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00EDDEA4
                                                                                                                                                                                                            • _Maklocstr.LIBCPMT ref: 00EDDF0D
                                                                                                                                                                                                            • _Maklocstr.LIBCPMT ref: 00EDDF1F
                                                                                                                                                                                                            • _Maklocchr.LIBCPMT ref: 00EDDF37
                                                                                                                                                                                                            • _Maklocchr.LIBCPMT ref: 00EDDF47
                                                                                                                                                                                                            • _Getvals.LIBCPMT ref: 00EDDF69
                                                                                                                                                                                                              • Part of subcall function 00ED760B: _Maklocchr.LIBCPMT ref: 00ED763A
                                                                                                                                                                                                              • Part of subcall function 00ED760B: _Maklocchr.LIBCPMT ref: 00ED7650
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                                                                                                                                                                            • String ID: false$true
                                                                                                                                                                                                            • API String ID: 3549167292-2658103896
                                                                                                                                                                                                            • Opcode ID: ef614ad3d9a9333b5425bcfb10afeed39c3268c46dda30c9a1d898e4537ec99f
                                                                                                                                                                                                            • Instruction ID: 01ee5cd77862308826049053f3694c7fbe91d8d4f1d66a749280e4eb165b0e23
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ef614ad3d9a9333b5425bcfb10afeed39c3268c46dda30c9a1d898e4537ec99f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F214F72D04208AADF14EFA5D846ADF7BA8EF04710F00945BF919AF252EB708545CBA1
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: e567b00d07831ff746df1d56bfa49f19e9e5b39f739a07f982503a53d279b426
                                                                                                                                                                                                            • Instruction ID: af9bfa07d90751c84d3f6ba17e475ed3826845bf38ca0bb5375a5d054a93f399
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e567b00d07831ff746df1d56bfa49f19e9e5b39f739a07f982503a53d279b426
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 00C1C071E04249AFDB25DFA9CC80BADBBF0AF49310F144069E414AB7D2C775990AFB61
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                            • Opcode ID: c6be34405acf60ccef376547d8f5fd38bb995e9067a533435f718101317e317d
                                                                                                                                                                                                            • Instruction ID: 33bd70a1d04cdaf2d95231bb4544c17f9aa4b59acec47cbec0a3ba972b36c111
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c6be34405acf60ccef376547d8f5fd38bb995e9067a533435f718101317e317d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2F61AF72900704AFDB20DF74DC41BAAB7F8AF45320F2445A9E956EB2C1EB719D44BB60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentThread$_xtime_get$Xtime_diff_to_millis2
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3943753294-0
                                                                                                                                                                                                            • Opcode ID: f2633395dfbaebd7b1666e3195c8d2376339b86c19931ee2524c0caeadf05f27
                                                                                                                                                                                                            • Instruction ID: 4f9eb8ce543033ac47d86e3354617ee8f3fc348f1798e3163cd001300a94125d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f2633395dfbaebd7b1666e3195c8d2376339b86c19931ee2524c0caeadf05f27
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B517A30A00209CBCF20DF25C5959A9B7B1FF08315B25645BE846BB395D770EE42CBA2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CertGetCertificateContextProperty.CRYPT32(?,00000003,00000000,00000000), ref: 00EBE877
                                                                                                                                                                                                            • CertGetCertificateContextProperty.CRYPT32(?,00000003,00000000,00000014), ref: 00EBE8A9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CertCertificateContextProperty
                                                                                                                                                                                                            • String ID: 1.2.840.10045.4.1$1.2.840.10045.4.3$1.2.840.10045.4.3.2$1.2.840.10045.4.3.3$1.2.840.10045.4.3.4
                                                                                                                                                                                                            • API String ID: 665277682-3196566809
                                                                                                                                                                                                            • Opcode ID: c902703559f1547b3d02c636f466996947840a715c3fbd8dc5b68126b98ca536
                                                                                                                                                                                                            • Instruction ID: dbc7aadc9f7983d26bff31227f922efde9ea1ff181abf29aa7e8921748981e1b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c902703559f1547b3d02c636f466996947840a715c3fbd8dc5b68126b98ca536
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18512A71A007459BCF249F25D881BEBB7A1AF50328F0852B9EC1AB7352D771ED04C751
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: z
                                                                                                                                                                                                            • API String ID: 0-1657960367
                                                                                                                                                                                                            • Opcode ID: 50147dec05e6792fc2edee72dd574738d38acdefe6066e29bf124d2610741c01
                                                                                                                                                                                                            • Instruction ID: 92a74b1184894baf83f6414bde4500b8b74340619c8e7c8b0ed2f0cb4574260e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 50147dec05e6792fc2edee72dd574738d38acdefe6066e29bf124d2610741c01
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 88516571A00219ABEF20DB94DC45FEEB7B8FB44324F105169EA15B7341D775AE05CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E87D3D
                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E87DC8
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E87DFC
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E87EBB
                                                                                                                                                                                                              • Part of subcall function 00E94B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E9521E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
                                                                                                                                                                                                            • String ID: Failed to add event category ($Service has not been initialized$V
                                                                                                                                                                                                            • API String ID: 342047005-375236208
                                                                                                                                                                                                            • Opcode ID: f0f51f7f9f831a97f88d27f2ef4e809efb81c034afbbf2b8e6cdb33e6f65fab2
                                                                                                                                                                                                            • Instruction ID: c2c7918e4321f40867ae77114b7f7947c2aa61be558ade33b3da9809d1f55d59
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f0f51f7f9f831a97f88d27f2ef4e809efb81c034afbbf2b8e6cdb33e6f65fab2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D751C171904248DFDB14EF64D856BEE7BF4FF44304F5051A9E80EA7282EB75AA08CB61
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00E9BBE6
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00E9BC06
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00E9BC26
                                                                                                                                                                                                            • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00E9BCB4
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00E9BCC1
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00E9BCE3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                                                            • String ID: ios_base::badbit set
                                                                                                                                                                                                            • API String ID: 2966223926-3882152299
                                                                                                                                                                                                            • Opcode ID: be8a495351bb4fb54867dcaa1a0c101eee6db0e64b6071fd47995befc86056ad
                                                                                                                                                                                                            • Instruction ID: f29eedb1bb5c386b8cfeeedec86e116bef115751611e58709064f53eb1fd13dd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: be8a495351bb4fb54867dcaa1a0c101eee6db0e64b6071fd47995befc86056ad
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC418871A00209CFCB14DF54EA81AAEB7B4FB50714F20115EE816BB391DF70AA06EB81
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::locale::_Init.LIBCPMT ref: 00EBC641
                                                                                                                                                                                                              • Part of subcall function 00ED3084: __EH_prolog3.LIBCMT ref: 00ED308B
                                                                                                                                                                                                              • Part of subcall function 00ED3084: std::_Lockit::_Lockit.LIBCPMT ref: 00ED3096
                                                                                                                                                                                                              • Part of subcall function 00ED3084: std::locale::_Setgloballocale.LIBCPMT ref: 00ED30B1
                                                                                                                                                                                                              • Part of subcall function 00ED3084: std::_Lockit::~_Lockit.LIBCPMT ref: 00ED3107
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00EBC6CB
                                                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00EBC713
                                                                                                                                                                                                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00EBC748
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00EBC7DD
                                                                                                                                                                                                              • Part of subcall function 00EEE960: _free.LIBCMT ref: 00EEE973
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00EBC82B
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00EBC84C
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EBC85B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_std::locale::_$Locinfo::_$AddfacH_prolog3InitLocimp::_Locimp_Locinfo_ctorLocinfo_dtorSetgloballocale_free
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3887427400-0
                                                                                                                                                                                                            • Opcode ID: 47d0f9bb0360b4fe3127b1af406c5f2a8177cea931dcd61719e49d31184faa0f
                                                                                                                                                                                                            • Instruction ID: 2ecb3d37fd44ca7966a1acb86def3c88b968401357c808abda2f5f41ecbd9dfd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47d0f9bb0360b4fe3127b1af406c5f2a8177cea931dcd61719e49d31184faa0f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32A19CB0D00349DFEB10DFA5D845B9EBBF4AF44304F14552AE815B7382EBB5AA44CB91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _free$___from_strstr_to_strchr
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3409252457-0
                                                                                                                                                                                                            • Opcode ID: ca0ab3ec8180d28f297698f5e6daade629f13caf77df75531bb59a1fbfa7c91d
                                                                                                                                                                                                            • Instruction ID: 7b183179525184c7b35e7d9fe0973a8c4ddf9d31a2f847a9cc65ce9947d0f25b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca0ab3ec8180d28f297698f5e6daade629f13caf77df75531bb59a1fbfa7c91d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 73510971E04309AFDB20AFB48C41A6DBBF4EF01364F1581AAF961972C1EB359941FB52
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00EE987E: EnterCriticalSection.KERNEL32(00F677A0,?,00000001,?,00E986A7,00000000,?,00000001,?,00000000,?,?,00E9C338,-00000010), ref: 00EE9889
                                                                                                                                                                                                              • Part of subcall function 00EE987E: LeaveCriticalSection.KERNEL32(00F677A0,?,00E986A7,00000000,?,00000001,?,00000000,?,?,00E9C338,-00000010,?,?,?,D49C76F0), ref: 00EE98B5
                                                                                                                                                                                                            • FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000), ref: 00E986D6
                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 00E986E4
                                                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 00E986EF
                                                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000), ref: 00E986FD
                                                                                                                                                                                                            • FindResourceW.KERNEL32(00000000,?,00000006), ref: 00E98764
                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 00E98776
                                                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 00E98785
                                                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000), ref: 00E98797
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Resource$CriticalFindLoadLockSectionSizeof$EnterLeave
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 506522749-0
                                                                                                                                                                                                            • Opcode ID: ae297a0a76e9298fabb72f3bb1ad9028cbebe78032e07fa9dc4d1341242b2c44
                                                                                                                                                                                                            • Instruction ID: 229149f516e20b3306e5e5ac1ff587d0246dd56a130ae321e154673cd73023c4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae297a0a76e9298fabb72f3bb1ad9028cbebe78032e07fa9dc4d1341242b2c44
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF414531A042159BCB38AF68D984A7BB3E8EF91345F10192EFD55E7221EF70DC0686A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00F04E01), ref: 00F01CAE
                                                                                                                                                                                                              • Part of subcall function 00F01CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00F01D4C
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F00B8A
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F00BA3
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F00BE1
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F00BEA
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F00BF6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _free$ErrorLast
                                                                                                                                                                                                            • String ID: C
                                                                                                                                                                                                            • API String ID: 3291180501-1037565863
                                                                                                                                                                                                            • Opcode ID: b6d1f62a651b2e4803c19cb1fbfc4d102f4a73350e9219a0ed550ec341a764b6
                                                                                                                                                                                                            • Instruction ID: 26b372e89c309d803cc91a530c226d9d4337b608798badbed8269733dfa3a4fc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6d1f62a651b2e4803c19cb1fbfc4d102f4a73350e9219a0ed550ec341a764b6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 99B12975A0121A9BDB24DF18CC84BADB7B4FF58314F5045EAE949A7391DB70AE80EF40
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • InitOnceBeginInitialize.KERNEL32(00F6823C,00000000,?,00000000,?,?,?,?,00000000,00000000,?,D49C76F0,?,?), ref: 00E9125A
                                                                                                                                                                                                            • InitOnceComplete.KERNEL32(00F6823C,00000000,00000000), ref: 00E91278
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • [%S:(%d)][%S] Failed to create HMAC traits., xrefs: 00E912F8
                                                                                                                                                                                                            • C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp, xrefs: 00E912F3, 00E913DE
                                                                                                                                                                                                            • McCryptoLib::CMcCryptoHMACWin::Initialize, xrefs: 00E912EC, 00E913D7
                                                                                                                                                                                                            • [%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls, xrefs: 00E913E3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                            • String ID: C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp$McCryptoLib::CMcCryptoHMACWin::Initialize$[%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls$[%S:(%d)][%S] Failed to create HMAC traits.
                                                                                                                                                                                                            • API String ID: 51270584-3897904871
                                                                                                                                                                                                            • Opcode ID: 33a03787a99fee4dfe4b5982386cf476fba5a1c1e58f68b20fbd5746eca22ae7
                                                                                                                                                                                                            • Instruction ID: 35964effbf14deeeeed345d0c207feba39852f9fbb12fba1cdae2e9706a8a601
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 33a03787a99fee4dfe4b5982386cf476fba5a1c1e58f68b20fbd5746eca22ae7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7951CC717043069BDB00EF29DD42F6EBBE4BF98B44F41056DF909A7291DA31E904CBA2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00EB1DBB
                                                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00EB1E03
                                                                                                                                                                                                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00EB1E38
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00EB1ECD
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00EB1F1B
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00EB1F3C
                                                                                                                                                                                                            • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00EB1F4B
                                                                                                                                                                                                              • Part of subcall function 00EEE960: _free.LIBCMT ref: 00EEE973
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Locinfo::_Lockit::_Lockit::~_$AddfacLocimp::_Locimp_Locinfo_ctorLocinfo_dtor_freestd::locale::_
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2317827675-0
                                                                                                                                                                                                            • Opcode ID: 66cf33e021b9d709d916394c7bb4cd352e8467ea8645bac5e524b1865e320102
                                                                                                                                                                                                            • Instruction ID: d630c876a1e02299baaa8509103d42aa51c6457a5834d2b600749ab8c3f1edce
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 66cf33e021b9d709d916394c7bb4cd352e8467ea8645bac5e524b1865e320102
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7071BDB0E00249DFEB10DFA9D855BAEBBF4AF44304F0450A9E805B7352EB75EA44CB91
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 0.0.0.0$UUID$UUID$Version$kernel32.dll
                                                                                                                                                                                                            • API String ID: 0-1483847951
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,D49C76F0,?,?), ref: 00E8A531
                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E8A73D
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8A7AC
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8A989
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Unexpected return value: , xrefs: 00E8A8CC
                                                                                                                                                                                                            • Event string is empty, xrefs: 00E8A77C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
                                                                                                                                                                                                            • String ID: Event string is empty$Unexpected return value:
                                                                                                                                                                                                            • API String ID: 1703231451-1331613497
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00EEBE37
                                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00EEBE3F
                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00EEBEC8
                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00EEBEF3
                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00EEBF48
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00E9C995
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00E9C9B7
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00E9C9D7
                                                                                                                                                                                                            • __Getctype.LIBCPMT ref: 00E9CA70
                                                                                                                                                                                                            • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00E9CA82
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00E9CA8F
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00E9CAB1
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfoLocinfo::~_Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3947131827-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,D49C76F0,?,?), ref: 00E8A531
                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E8A58B
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8A989
                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E8A99D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Unexpected return value: , xrefs: 00E8A8CC
                                                                                                                                                                                                            • Thread signalled when event queue is empty, xrefs: 00E8A614
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InitIos_base_dtorMtx_unlockOncestd::ios_base::_$BeginCompleteInitializeMultipleObjectsWait
                                                                                                                                                                                                            • String ID: Thread signalled when event queue is empty$Unexpected return value:
                                                                                                                                                                                                            • API String ID: 3324347728-3645029203
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                            • API String ID: 0-537541572
                                                                                                                                                                                                            • Opcode ID: e64409c3924e38a4862e7f83e8c2df9e66eeb27839bda8c8f39d0ea5cf001622
                                                                                                                                                                                                            • Instruction ID: 559d535b72ee8b5e03a3eda32e01a53dae4f79a74423e1befa2125095eef7a9b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e64409c3924e38a4862e7f83e8c2df9e66eeb27839bda8c8f39d0ea5cf001622
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 352181B2F41215ABDB329B649C44A5A37A89B25774B250121FE15A72E1D670FC01F9A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00F0B6FF: _free.LIBCMT ref: 00F0B724
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BA01
                                                                                                                                                                                                              • Part of subcall function 00F02098: RtlFreeHeap.NTDLL(00000000,00000000,?,00F0B729,?,00000000,?,?,?,00F0B9CC,?,00000007,?,?,00F0BDD6,?), ref: 00F020AE
                                                                                                                                                                                                              • Part of subcall function 00F02098: GetLastError.KERNEL32(?,?,00F0B729,?,00000000,?,?,?,00F0B9CC,?,00000007,?,?,00F0BDD6,?,?), ref: 00F020C0
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BA0C
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BA17
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BA6B
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BA76
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BA81
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0BA8C
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                            • Opcode ID: c22744a6882dbffdb4525d9527ade6ae6b6bf27445b1f441715d8059192af9a9
                                                                                                                                                                                                            • Instruction ID: 6cd977446a1e4ed6a1eb45bdfebba8cc946110a3d0c9bf04de7f210ff1e48969
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c22744a6882dbffdb4525d9527ade6ae6b6bf27445b1f441715d8059192af9a9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE115171641B09AAD530BBB1CC0BFCB779C5F05701F404815B6AEA61D2EB7EB505B650
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetConsoleCP.KERNEL32(?,00EA860A,00000000), ref: 00F057B5
                                                                                                                                                                                                            • __fassign.LIBCMT ref: 00F05994
                                                                                                                                                                                                            • __fassign.LIBCMT ref: 00F059B1
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,00EA860A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00F059F9
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00F05A39
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00F05AE5
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4031098158-0
                                                                                                                                                                                                            • Opcode ID: 9f07db0b58031d6a6dee2a9694696f525ffd98d30aa859c1485292148c6aec42
                                                                                                                                                                                                            • Instruction ID: 80252861a2f5d912b14fae8ab701dca136c9bce73df3230fc9eae8a084c850ca
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f07db0b58031d6a6dee2a9694696f525ffd98d30aa859c1485292148c6aec42
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8DD1AC71E006589FCF15CFA8C8809EEBBB5BF48714F28416AE855FB281D674AD06EF50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCPInfo.KERNEL32(?,?,?,?,?), ref: 00EE8128
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00EE81B6
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00EE8228
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00EE8242
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00EE82A5
                                                                                                                                                                                                            • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00EE82C2
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2984826149-0
                                                                                                                                                                                                            • Opcode ID: c82cd808abc0d749b7324529753877f1186c288d9a842c11d3a53693067ad1fe
                                                                                                                                                                                                            • Instruction ID: e6455429bace8e9bc183dd6b68177ff2e4cf671c5e150a990928079f0c06d637
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c82cd808abc0d749b7324529753877f1186c288d9a842c11d3a53693067ad1fe
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D271B27190068E9FDF218FA6CE41AEF7BB6EF49318F242155EA09B7260DF318801D764
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00ED6901
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00ED696C
                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00ED6989
                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00ED69C8
                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00ED6A27
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00ED6A4A
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharMultiStringWide
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2829165498-0
                                                                                                                                                                                                            • Opcode ID: 2d467a124043b2e0a1881d83d274d1edc0d141735e98f63bd911ed2a8a6572e1
                                                                                                                                                                                                            • Instruction ID: 6f99ccb6d28167ef84ab5caf606ceea09312a36f137b8da1d19e3fced1358cd1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2d467a124043b2e0a1881d83d274d1edc0d141735e98f63bd911ed2a8a6572e1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B451C37290021AAFDF209FA4CC45FAB7BA9EF40758F149426F915BA290E730DD12DB50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,D49C76F0), ref: 00E9E00F
                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000014,00000001,?,?,?,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E9E073
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,00000001), ref: 00E9E104
                                                                                                                                                                                                            • LocalFree.KERNEL32(?,00000001,?,?,?,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00E9E112
                                                                                                                                                                                                            • FreeSid.ADVAPI32(00000000,00000001,?,?,?,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00E9E11D
Memory Dump Source
• Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeLocal$AllocErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3195132385-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000001,?,00000000), ref: 00E7E7D7
                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(00000000,00000000,00000000,?), ref: 00E7E811
                                                                                                                                                                                                            • SetNamedSecurityInfoW.ADVAPI32(00000000,00000001,00000004,00000000,00000000,00000000,00000000,?), ref: 00E7E86D
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00E7E8C7
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00E7E8DC
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00E7E917
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Security$DescriptorFreeLocal$ConvertDaclInfoNamedString
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2792426717-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00E78D46
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00E78D66
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00E78D86
                                                                                                                                                                                                            • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00E78E57
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00E78E64
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00E78E86
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2966223926-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00E83435
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00E83457
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00E83477
                                                                                                                                                                                                            • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00E8353A
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00E83547
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00E83569
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2966223926-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00E732E5
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00E732F2
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00E73340
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00E73360
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E7336D
                                                                                                                                                                                                            • __Towlower.LIBCPMT ref: 00E73388
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_RegisterTowlower
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2111902878-0
                                                                                                                                                                                                            • Opcode ID: 0ad0b1a86b9baaf8fd4d5f974cf0b81ef5a3a5e05e866845fe3cbf479d4ba0bd
                                                                                                                                                                                                            • Instruction ID: 7e976b1cb68cb25a0b1477379b443a1152e3293f7ce82f6873fd25529c9d6bbb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ad0b1a86b9baaf8fd4d5f974cf0b81ef5a3a5e05e866845fe3cbf479d4ba0bd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D11C232900109EFCB14EB74D941AAE77E4EF94710F24520AF629B7392DF309F02A791
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00EEBFC1,00EEA1CC,00EE95E4), ref: 00EEBFD8
                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00EEBFE6
                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00EEBFFF
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,00EEBFC1,00EEA1CC,00EE95E4), ref: 00EEC051
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                            • Opcode ID: c122b292d9cce86affe1cb52c2e9291fd44f0c933cceb3490a59c1f2e9f8e904
                                                                                                                                                                                                            • Instruction ID: c24466a7ad2b9e90e493e038e4f04663b0b649b5c6ebec5d2228feb176afa802
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c122b292d9cce86affe1cb52c2e9291fd44f0c933cceb3490a59c1f2e9f8e904
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C301843220D75DAFA6352AB67C8556B3B84EB42779B30223AF610F61F5EF514C06A144
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED829F
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED82A9
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • moneypunct.LIBCPMT ref: 00ED82E3
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED82FA
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED831A
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED8327
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3376033448-0
                                                                                                                                                                                                            • Opcode ID: fda652885dc22aa852e59935c097be06efceb43ed31d9b346df9f38cc3029fa5
                                                                                                                                                                                                            • Instruction ID: 8fcbc6e2759960d0d5e7f81c6b2cd1e8caa012292cb12fda72a7ac8864d3228b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fda652885dc22aa852e59935c097be06efceb43ed31d9b346df9f38cc3029fa5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D701C4719001199FCB04EB64C902AAE77E5FF40718F24510AE818773D1CF709E06EB81
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED820A
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED8214
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • moneypunct.LIBCPMT ref: 00ED824E
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED8265
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED8285
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED8292
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3376033448-0
                                                                                                                                                                                                            • Opcode ID: 8fb356df15986b4b56fa894ce1d2501b6a79ab45bf5b85077a519dcfc56ba1b6
                                                                                                                                                                                                            • Instruction ID: 6c7a85f1dbec084b3af0254d7e9dc7c06d67f424ec8c2483330fe6fca71d2061
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8fb356df15986b4b56fa894ce1d2501b6a79ab45bf5b85077a519dcfc56ba1b6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9801C4319002599BCB04FBA4C902AAD77B5FF50714F24550AF9247B396DF709E02E791
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED83C9
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED83D3
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • moneypunct.LIBCPMT ref: 00ED840D
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED8424
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED8444
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED8451
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3376033448-0
                                                                                                                                                                                                            • Opcode ID: d69a716acdab79039c0b943c80022885839324f2b5112a3bda441250fdbf2302
                                                                                                                                                                                                            • Instruction ID: 24574a0f011ece549dcb074234774f7f12dc43a89432913aa46dc3344adde01c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d69a716acdab79039c0b943c80022885839324f2b5112a3bda441250fdbf2302
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8601D23190021A9BCB14FB64C906ABEB7B5FF80718F24110AF925BB3D1DF749E02A791
APIs
• __EH_prolog3.LIBCMT ref: 00ED4362
• std::_Lockit::_Lockit.LIBCPMT ref: 00ED436C
  • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
  • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
• codecvt.LIBCPMT ref: 00ED43A6
• std::_Facet_Register.LIBCPMT ref: 00ED43BD
• std::_Lockit::~_Lockit.LIBCPMT ref: 00ED43DD
• Concurrency::cancel_current_task.LIBCPMT ref: 00ED43EA
Memory Dump Source
• Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
• String ID:
• API String ID: 2133458128-0
APIs
• __EH_prolog3.LIBCMT ref: 00ED8334
• std::_Lockit::_Lockit.LIBCPMT ref: 00ED833E
  • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
  • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
• moneypunct.LIBCPMT ref: 00ED8378
• std::_Facet_Register.LIBCPMT ref: 00ED838F
• std::_Lockit::~_Lockit.LIBCPMT ref: 00ED83AF
• Concurrency::cancel_current_task.LIBCPMT ref: 00ED83BC
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
• String ID:
• API String ID: 3376033448-0
APIs
• __EH_prolog3.LIBCMT ref: 00EE447C
• std::_Lockit::_Lockit.LIBCPMT ref: 00EE4486
  • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
  • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
• collate.LIBCPMT ref: 00EE44C0
• std::_Facet_Register.LIBCPMT ref: 00EE44D7
• std::_Lockit::~_Lockit.LIBCPMT ref: 00EE44F7
• Concurrency::cancel_current_task.LIBCPMT ref: 00EE4504
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
• String ID:
• API String ID: 1767075461-0
APIs
• __EH_prolog3.LIBCMT ref: 00EE4511
• std::_Lockit::_Lockit.LIBCPMT ref: 00EE451B
  • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
  • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
• messages.LIBCPMT ref: 00EE4555
• std::_Facet_Register.LIBCPMT ref: 00EE456C
• std::_Lockit::~_Lockit.LIBCPMT ref: 00EE458C
• Concurrency::cancel_current_task.LIBCPMT ref: 00EE4599
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
• String ID:
• API String ID: 958335874-0
APIs
• __EH_prolog3.LIBCMT ref: 00EE46D0
• std::_Lockit::_Lockit.LIBCPMT ref: 00EE46DA
  • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
  • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
• moneypunct.LIBCPMT ref: 00EE4714
• std::_Facet_Register.LIBCPMT ref: 00EE472B
• std::_Lockit::~_Lockit.LIBCPMT ref: 00EE474B
• Concurrency::cancel_current_task.LIBCPMT ref: 00EE4758
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3376033448-0
                                                                                                                                                                                                            • Opcode ID: 2efa390ddbbc0df53bf7476cb744a9e02eb32a9ee620707400b7e311e6cf1f0e
                                                                                                                                                                                                            • Instruction ID: 451537776a32ae6df23b76c35a52dce90e3bbfd1c08b9bdd9f23aa0520efebcc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2efa390ddbbc0df53bf7476cb744a9e02eb32a9ee620707400b7e311e6cf1f0e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E801C07590029D9BCB05EBA5C906ABE77F5EF40318F25110AE924BB3D1CF749E01AB81
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED861D
                                                                                                                                                                                                            • numpunct.LIBCPMT ref: 00ED8661
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED8678
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED8698
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED86A5
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED8627
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3064348918-0
                                                                                                                                                                                                            • Opcode ID: a4e1fabd8b802faae3c5fc1818f3e84921e29ebc5c50302dd1731823caabea3e
                                                                                                                                                                                                            • Instruction ID: 33151be6ceb52158f4b27f969193e516257e7a81e3caaae0f19c4cac5169776c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a4e1fabd8b802faae3c5fc1818f3e84921e29ebc5c50302dd1731823caabea3e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB01C4319002199BCB04FB64C9066AD77A5EF80728F24110AE528BB3D2EF709E02D781
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00EE4765
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00EE476F
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • moneypunct.LIBCPMT ref: 00EE47A9
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00EE47C0
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00EE47E0
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00EE47ED
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3376033448-0
                                                                                                                                                                                                            • Opcode ID: 677f8106a540532d35049c795e4e24a41d75ae3577c09efd0d03f7fa4b172742
                                                                                                                                                                                                            • Instruction ID: fabc57caab00695016a708136436f3310a3ec48fa29891d92a801434bd40d9ad
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 677f8106a540532d35049c795e4e24a41d75ae3577c09efd0d03f7fa4b172742
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B01AD759102599BCB04FBA5C906AAE77A5FF80718F24110AF924BB3D1CF749E01A781
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED7CCD
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED7CD7
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • collate.LIBCPMT ref: 00ED7D11
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED7D28
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED7D48
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED7D55
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1767075461-0
                                                                                                                                                                                                            • Opcode ID: 3a5a15857a10aa3d4a39343ac97b0ac30df2329c4ca3cd7a97846064f515290c
                                                                                                                                                                                                            • Instruction ID: 36cae297cda2107661c42b4c4f465e1d74929ee3ee1d4d5de5aa77c0a4f172f6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a5a15857a10aa3d4a39343ac97b0ac30df2329c4ca3cd7a97846064f515290c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B01C8319041199BCB05EB74C8066BD77F6EF40318F24610AE4157B395EF709E069B81
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED7C38
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED7C42
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • codecvt.LIBCPMT ref: 00ED7C7C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED7C93
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED7CB3
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED7CC0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2133458128-0
                                                                                                                                                                                                            • Opcode ID: dd397b82c4923669360b54ca1655c55f2d4a5bdcff92495aab5ef575ca53580c
                                                                                                                                                                                                            • Instruction ID: 4b3ef7721834999689e61ae036556022ef359f9a10d5ddc6c246ce7880cdecbf
                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd397b82c4923669360b54ca1655c55f2d4a5bdcff92495aab5ef575ca53580c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D0100319041199FCB00EB64C802AAEB7F5EF44714F24110AF814BB392EF709E029B91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED7DF7
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED7E01
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • ctype.LIBCPMT ref: 00ED7E3B
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED7E52
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED7E72
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED7E7F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2958136301-0
                                                                                                                                                                                                            • Opcode ID: 91aa36d674e01b1adbf7dd80276e883e0f76c0a352531033d9fcc81f9970fc44
                                                                                                                                                                                                            • Instruction ID: 588cb35ae98e90d69f639e47c7f11815055a27cdfc2ba808ab5b4a9e5b7dbbce
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 91aa36d674e01b1adbf7dd80276e883e0f76c0a352531033d9fcc81f9970fc44
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2901C0319041199BCB04EB64C801AAEB7F5EF80314F24564EE824BB3D2EF709E02AB91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED7D62
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED7D6C
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • collate.LIBCPMT ref: 00ED7DA6
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED7DBD
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED7DDD
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED7DEA
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1767075461-0
                                                                                                                                                                                                            • Opcode ID: c75b9ed89aa3e949f6fbcb98e235f66112ade1c8df64046b09efbd6324bcbe68
                                                                                                                                                                                                            • Instruction ID: 854f0ed2c9ea7f0ce97014b51b7f0b468b08982b9734f957cbd8c4cf7a5b4d00
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c75b9ed89aa3e949f6fbcb98e235f66112ade1c8df64046b09efbd6324bcbe68
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B01C4319042199BCB05FB64C9016BE77A6FF80314F24510AF525773D1EF709E02D781
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED7E8C
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED7E96
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • messages.LIBCPMT ref: 00ED7ED0
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED7EE7
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED7F07
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED7F14
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 958335874-0
                                                                                                                                                                                                            • Opcode ID: ddf2deb0cada2305555b2e51e28492048038ebfc7eee6e33caf8dfe0ee3dd4c0
                                                                                                                                                                                                            • Instruction ID: fe203b862a5248d9ab7aad27fa6169df6f7cc1e034bbe2ab9ec8f590550930b8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ddf2deb0cada2305555b2e51e28492048038ebfc7eee6e33caf8dfe0ee3dd4c0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E01C0319042199FCB15EB64C802ABE77A5FF80318F24150AF824BB3D2EF749E02E791
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED7F21
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED7F2B
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • messages.LIBCPMT ref: 00ED7F65
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED7F7C
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED7F9C
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED7FA9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 958335874-0
                                                                                                                                                                                                            • Opcode ID: 57202bcfac637601bee7838b2ebfcdfd9ac8e2281633b86fd69b393f9eeb2ec9
                                                                                                                                                                                                            • Instruction ID: a5b2c1b2f320daaeb15270b5e5408993108ec5f8e11645b68332350ab72defcd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 57202bcfac637601bee7838b2ebfcdfd9ac8e2281633b86fd69b393f9eeb2ec9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DB01C07190421A9BCB14EB64C942AAD77B5FF84714F24110AF828BB392DF709E02AB81
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E9C546
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E9C54B
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E9C550
                                                                                                                                                                                                              • Part of subcall function 00EEE960: _free.LIBCMT ref: 00EEE973
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task$_free
                                                                                                                                                                                                            • String ID: false$true
                                                                                                                                                                                                            • API String ID: 149343396-2658103896
                                                                                                                                                                                                            • Opcode ID: f1ac9e3ec63b1b2c5bb7d4e2a2a901644dfb4d0a468ea21db40fdb31b079d14a
                                                                                                                                                                                                            • Instruction ID: 6324c3c59f612cd8663a98e9594b099decaa72dca4601b8cb44e7d823fcb71a8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f1ac9e3ec63b1b2c5bb7d4e2a2a901644dfb4d0a468ea21db40fdb31b079d14a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 284143759003449FCB20AF64D941BAABBF4EF06304F14946DE916BB352D772E905CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8D8F5
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8DF0C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                            • String ID: Event Sender already initialized for Azure$Failed to encode url$~
                                                                                                                                                                                                            • API String ID: 1656330964-1958975516
                                                                                                                                                                                                            • Opcode ID: 04a40fa8c64f953b5d62017e01eb4ffc8b8c33dc5a3c10219cbd598b6c9ee4b1
                                                                                                                                                                                                            • Instruction ID: 3b4976c5ae446c5d28638c79f061be29521d97826dd37da4fbf9317c49f46bf1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 04a40fa8c64f953b5d62017e01eb4ffc8b8c33dc5a3c10219cbd598b6c9ee4b1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F841D170A0825C9BDB18EB64DC45BDDB7B9EB55314F0082D9E80D77281EB716A48CB62
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Mpunct$GetvalsH_prolog3
                                                                                                                                                                                                            • String ID: $+xv
                                                                                                                                                                                                            • API String ID: 2204710431-1686923651
                                                                                                                                                                                                            • Opcode ID: 8e80a8ebc054df752489f23c0fe1634748bf35cc4701b215c118af00722b49da
                                                                                                                                                                                                            • Instruction ID: 7c5b5d3a84214b1998ce3f1e71ff1e9806314d31f51e2bc89c2c47f245230882
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e80a8ebc054df752489f23c0fe1634748bf35cc4701b215c118af00722b49da
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 302192B1904A566FD725DF74889077BBFF8EB09700F04195AE459DBB41D730E602CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F4,?,?), ref: 00EF6016
                                                                                                                                                                                                            • GetFileType.KERNEL32(00000000), ref: 00EF6028
                                                                                                                                                                                                            • swprintf.LIBCMT ref: 00EF6049
                                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,?,?,?,00000000), ref: 00EF6086
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Assertion failed: %Ts, file %Ts, line %d, xrefs: 00EF603E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ConsoleFileHandleTypeWriteswprintf
                                                                                                                                                                                                            • String ID: Assertion failed: %Ts, file %Ts, line %d
                                                                                                                                                                                                            • API String ID: 2943507729-1719349581
                                                                                                                                                                                                            • Opcode ID: da03b11c8ad7ef375b8ae69e3a15b72417732bd57b457f9b617ca5a5f9c7d517
                                                                                                                                                                                                            • Instruction ID: b755cbe57214c1667ff61a28fe963ec0eb3ae029e7a223768f025b8047af670e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: da03b11c8ad7ef375b8ae69e3a15b72417732bd57b457f9b617ca5a5f9c7d517
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3511B27590011CABDB309B298C45BFE77ADEB84314F60465DFB1AA3181EE30AD468B68
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00EED278,?,?,00F677FC,00000000,?,00EED3A3,00000004,InitializeCriticalSectionEx,00F4013C,00F40144,00000000), ref: 00EED247
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                                            • API String ID: 3664257935-2084034818
                                                                                                                                                                                                            • Opcode ID: da6eea7b7c97d2420afb96c6cf0b001867131b70e11bbe81cfd8eb5a07956c71
                                                                                                                                                                                                            • Instruction ID: cf49d2aa65430096ca8d2ad24a08fddca20dac3d8666b1dd134f817e4bd2a12e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: da6eea7b7c97d2420afb96c6cf0b001867131b70e11bbe81cfd8eb5a07956c71
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9811C631A4526DABDB329B69AC40B5D37A4AF19764F242150FE01F72E0D770ED01D6D1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00E9E172
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00E9E182
                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(00000000,?), ref: 00E9E1C2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressDeleteHandleModuleProc
                                                                                                                                                                                                            • String ID: Advapi32.dll$RegDeleteKeyExW
                                                                                                                                                                                                            • API String ID: 588496660-2191092095
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,D49C76F0), ref: 00E9F989
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00E9F9A9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                                                                                            • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                            • API String ID: 1646373207-3789238822
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00EC1210
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00EC121A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • NWebAdvisor::CCabParser::Write, xrefs: 00EC1228
                                                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 00EC122D
                                                                                                                                                                                                            • WriteFile failed: %d, xrefs: 00EC1221
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                            • String ID: NWebAdvisor::CCabParser::Write$WriteFile failed: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                                            • API String ID: 442123175-2264278858
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32), ref: 00EA08A9
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00EA08C0
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?), ref: 00EA08D7
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                                                            • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                            • API String ID: 4190356694-3789238822
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00EFE935,?,?,00EFE8FD,00000002,00000002,?), ref: 00EFE955
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00EFE968
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00EFE935,?,?,00EFE8FD,00000002,00000002,?), ref: 00EFE98B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00F02174: RtlAllocateHeap.NTDLL(00000000,?,?,?,00EE872D,?,?,00E7A1ED,0000002C,D49C76F0), ref: 00F021A6
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F00501
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F00518
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F00535
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F00550
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F00567
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _free$AllocateHeap
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3033488037-0
                                                                                                                                                                                                            • Opcode ID: ea8c476864c2fe35cc3fd89c3d89ad091cd8a5edaf2e9e3f2488e3dd806252ba
                                                                                                                                                                                                            • Instruction ID: 328a308dbea3afdb3791c528195ab92968e7829de4ef834c362e0221247f2213
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea8c476864c2fe35cc3fd89c3d89ad091cd8a5edaf2e9e3f2488e3dd806252ba
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E51AD72A00709AFDB21DF29CC41B6AB7F4EF49720F184569E909D7291EB35EA40FB50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,00F5CFC4,00F5CFC6,?,00F5CFC6,?,00F5CFC4,ios_base::failbit set,00000000), ref: 00E99DB0
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00F5CFC6,?,00F5CFC4,ios_base::failbit set,00000000), ref: 00E99DC1
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,00F5CFC4,00F5CFC6,00000000,00000000,?,00F5CFC6,?,00F5CFC4,ios_base::failbit set,00000000), ref: 00E99DD9
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,00F5CFC4,?,?,00000000,?,?,?,00F5CFC6,?,00F5CFC4,ios_base::failbit set,00000000), ref: 00E99DFF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                            • String ID: ios_base::failbit set
                                                                                                                                                                                                            • API String ID: 1717984340-3924258884
                                                                                                                                                                                                            • Opcode ID: c788bee5d1c3886ce6bf1b5b183003b1e8150c57624794f070eb2a9712a7c4c6
                                                                                                                                                                                                            • Instruction ID: e283ef4da0f9feedca2df06a8eaf970dd7d54fed442ec0c6d064773d044984eb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c788bee5d1c3886ce6bf1b5b183003b1e8150c57624794f070eb2a9712a7c4c6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 79215B76201309BFEB206F54DC84FABBF5CFF46348F204529F6456A192DB72A425C7A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetEvent.KERNEL32 ref: 00E89B16
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00E89B29
                                                                                                                                                                                                              • Part of subcall function 00ED66B6: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000), ref: 00ED66C1
                                                                                                                                                                                                              • Part of subcall function 00ED66B6: GetExitCodeThread.KERNEL32(?,?), ref: 00ED66D3
                                                                                                                                                                                                              • Part of subcall function 00ED66B6: CloseHandle.KERNEL32(?), ref: 00ED66EC
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00E89B81
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00E89B97
                                                                                                                                                                                                            • __Mtx_destroy_in_situ.LIBCPMT ref: 00E89BAF
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseHandle$Thread$CodeCurrentEventExitMtx_destroy_in_situObjectSingleWait
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2780651522-0
                                                                                                                                                                                                            • Opcode ID: d37b7366e0687fd0f1e1c9de7cfc7a3c6e90798d18cb3b740c9edeea66756c56
                                                                                                                                                                                                            • Instruction ID: d89bab11ce18d9f43844f347e59e4a94be422cfcda707b6d2ccb9649cb39a998
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d37b7366e0687fd0f1e1c9de7cfc7a3c6e90798d18cb3b740c9edeea66756c56
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 30213D30E00B444BD730BB74AC49BAAB7D59F50314F18292AF56DB11C2DB32A921CB46
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ___std_fs_open_handle@16.LIBCPMT ref: 00ED3EC0
                                                                                                                                                                                                              • Part of subcall function 00ED3E73: CreateFileW.KERNEL32(02200000,00010000,00000007,00000000,00000003,?,00000000,00000000,?,00ED3EC5,?,?,00010000,02200000,?,00000000), ref: 00ED3E88
                                                                                                                                                                                                              • Part of subcall function 00ED3E73: GetLastError.KERNEL32(?,00ED3EC5,?,?,00010000,02200000,?,00000000), ref: 00ED3E98
                                                                                                                                                                                                            • SetFileInformationByHandle.KERNEL32(?,00000015,00000000,00000004,?,?,00010000,02200000,?,00000000), ref: 00ED3EFC
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED3F0C
                                                                                                                                                                                                            • SetFileInformationByHandle.KERNEL32(?,00000004,?,00000001), ref: 00ED3F38
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED3F45
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLast$HandleInformation$Create___std_fs_open_handle@16
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1118473077-0
                                                                                                                                                                                                            • Opcode ID: be6bb62b0b3d6495a67a100a36188f54cdc0554450bd49eb6f87c4375f3fe9e2
                                                                                                                                                                                                            • Instruction ID: 4fb882bca9e9c310d182dba2e461bdde0e847aaca6a7e82c0bfa096b20c2b85e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: be6bb62b0b3d6495a67a100a36188f54cdc0554450bd49eb6f87c4375f3fe9e2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8F11C035E08249EADB259BB88D1CBFE7FB4EB50708F141067F902B2391D6B18B06C652
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED43F7
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED4401
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED4452
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED4472
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED447F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                                            • Opcode ID: 09745cd1bf0b6c0e7ff8100b02c0b270f34fc6e8cead6d80ce3412c90a18b7c5
                                                                                                                                                                                                            • Instruction ID: 859222cd7b4dee4bd9398adcd8b32dc201c7cd9463a80ec818705e1f6ad3c07a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09745cd1bf0b6c0e7ff8100b02c0b270f34fc6e8cead6d80ce3412c90a18b7c5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B701C0719002199BCF04FB64C805AAEB7B5EF90714F24510AE924BB3D1DF709E029B91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Maklocstr$Maklocchr
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2020259771-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00E77804
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00E77811
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00E7785F
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00E7787F
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E7788C
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3498242614-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00E77899
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00E778A6
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00E778F4
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00E77914
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E77921
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3498242614-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED80E0
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED80EA
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED813B
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED815B
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED8168
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED804B
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED8055
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED80A6
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED80C6
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED80D3
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                                            • Opcode ID: 123aa4ce4445e51b06ade1431eb97a0416d51bbd5224778b7787e9360f16f40e
                                                                                                                                                                                                            • Instruction ID: d093e3a11e0fe33bb97d89fd1519527c6c1c392f5ddea840a403110f9e5fa188
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 123aa4ce4445e51b06ade1431eb97a0416d51bbd5224778b7787e9360f16f40e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D01D2319002199BDB05FB74D942AAE77B9FF40714F25110AE824BB3D2DF719E06A791
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED8175
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED817F
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED81D0
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED81F0
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED81FD
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                                            • Opcode ID: 14b2369c9d5757f91bdf109a99c07f41450468e15416f9c45926a7186253246c
                                                                                                                                                                                                            • Instruction ID: d59c93bbc6c6d6eef60c981cc338151faba8cc0c1ae6a74de9672851761e2b49
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14b2369c9d5757f91bdf109a99c07f41450468e15416f9c45926a7186253246c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D01C0319002199BCB05EB64CD02AAD77F9FF44318F24520AE824BB392CF709E06AB81
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED84F3
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED84FD
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED854E
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED856E
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED857B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                                            • Opcode ID: 14c11cede6ab97851facb670ac0d16b6d1bc88dfccf3f82c06fc555e169cd52b
                                                                                                                                                                                                            • Instruction ID: acb49fad45914d7c435eb8abe3f218d858c5cc10ac085b0e7b971a25c6314585
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14c11cede6ab97851facb670ac0d16b6d1bc88dfccf3f82c06fc555e169cd52b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2501C0319002199BCF04EB64D912AAE77E5FF80314F25550AE824BB392DF709E02AB81
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED845E
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED8468
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED84B9
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED84D9
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED84E6
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                                            • Opcode ID: a6c107363032416e90057a2fecb4ce56edcbd8f12a1a2ed0a64c9fc05d437961
                                                                                                                                                                                                            • Instruction ID: 763529efd8cc5fc47d935f73a72ebcbd5d0437ca4a5e118b2efc20cd9ea07ed9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a6c107363032416e90057a2fecb4ce56edcbd8f12a1a2ed0a64c9fc05d437961
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0101D63190021A9BCB15FB64C9166AE77B5FF40724F24150AF524B73D2DF749E02D781
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED8588
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED8592
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED85E3
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED8603
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED8610
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                                            • Opcode ID: 4e64f8d8194f60b03db2d0814e7b42c24f358b794662b98b092697cc8c1bf256
                                                                                                                                                                                                            • Instruction ID: 28e2b4db0307446f6036a88c74165293483a65732762dda873b00ca1e231dec6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e64f8d8194f60b03db2d0814e7b42c24f358b794662b98b092697cc8c1bf256
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E20184319001199BCB05EB64C9466AE77A5FF40724F24154AE524B73D2DF749E029B91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00EE45A6
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00EE45B0
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00EE4601
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00EE4621
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00EE462E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                                            • Opcode ID: 441140f9cec91f722dbc41e6a68786487299d674bc5c9a41e114b94b737b1a5a
                                                                                                                                                                                                            • Instruction ID: 1fca17739e5183c4190ba94100502ec5abbb5c156a03f362708c2146c1753fb7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 441140f9cec91f722dbc41e6a68786487299d674bc5c9a41e114b94b737b1a5a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C01C07590025D9BCB04EBA5C952AAE77B5AF40714F25210AE814BB3D1DF709E01E781
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED86B2
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED86BC
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED870D
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED872D
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED873A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                                            • Opcode ID: 6c75294db4fb719c640702bfded7377baa1276e1f0f5de41f63076622751bded
                                                                                                                                                                                                            • Instruction ID: 05de0ff49957a6a7343f97409244993b906de9c0019735102f212df375c96aa0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c75294db4fb719c640702bfded7377baa1276e1f0f5de41f63076622751bded
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3101C0319002199BCB05FB74CA12AAEB7A5FF50718F24510AE924BB391DF709E02A791
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00EE463B
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00EE4645
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00EE4696
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00EE46B6
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00EE46C3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                                            • Opcode ID: 1447843474f0a3b4b7f02c802632cde19004925416f2baa0c366583868bea00b
                                                                                                                                                                                                            • Instruction ID: f9c56cdc2cbad2defb254cd68a1480474a26af6477ff621849926dbf3a6270a1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1447843474f0a3b4b7f02c802632cde19004925416f2baa0c366583868bea00b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3001C07190025E9BCB04EB65C946AAD77F5BF40314F24510AE814BB3E1DF709E01AB81
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00EE47FA
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00EE4804
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00EE4855
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00EE4875
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00EE4882
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                                            • Opcode ID: d86669b3bdcdc3ecbef1c08b8a56d43a5da1c1c7c8816ac5d8ae3b4900cd691e
                                                                                                                                                                                                            • Instruction ID: 5288a52cfcf14b7209bdd772a91781341d0a3fa389924548cb7092a68e14d9c3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d86669b3bdcdc3ecbef1c08b8a56d43a5da1c1c7c8816ac5d8ae3b4900cd691e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB01C07190029D9BCB08EB65C816AAE77B5FF80718F255109F924BB3D1DF749E01E781
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED87DC
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED87E6
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED8837
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED8857
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED8864
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00EE488F
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00EE4899
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00EE48EA
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00EE490A
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00EE4917
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00ED7FB6
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ED7FC0
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::_Lockit.LIBCPMT ref: 00E72D30
                                                                                                                                                                                                              • Part of subcall function 00E72D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00E72D4C
                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00ED8011
                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ED8031
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ED803E
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0B49F
                                                                                                                                                                                                              • Part of subcall function 00F02098: RtlFreeHeap.NTDLL(00000000,00000000,?,00F0B729,?,00000000,?,?,?,00F0B9CC,?,00000007,?,?,00F0BDD6,?), ref: 00F020AE
                                                                                                                                                                                                              • Part of subcall function 00F02098: GetLastError.KERNEL32(?,?,00F0B729,?,00000000,?,?,?,00F0B9CC,?,00000007,?,?,00F0BDD6,?,?), ref: 00F020C0
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0B4B1
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0B4C3
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0B4D5
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F0B4E7
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00F6742C,?,?,00E84086,00F6827C,00F268E0,?), ref: 00EE88BA
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00F6742C,?,?,00E84086,00F6827C,00F268E0,?), ref: 00EE88ED
                                                                                                                                                                                                            • RtlWakeAllConditionVariable.NTDLL ref: 00EE8964
                                                                                                                                                                                                            • SetEvent.KERNEL32(?,00E84086,00F6827C,00F268E0,?), ref: 00EE896E
                                                                                                                                                                                                            • ResetEvent.KERNEL32(?,00E84086,00F6827C,00F268E0,?), ref: 00EE897A
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3916383385-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 00EC0743
                                                                                                                                                                                                            • NWebAdvisor::CCabParser::Close, xrefs: 00EC073E
                                                                                                                                                                                                            • CloseHandle failed: %d, xrefs: 00EC0737
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseErrorHandleLast
                                                                                                                                                                                                            • String ID: CloseHandle failed: %d$NWebAdvisor::CCabParser::Close$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                                            • API String ID: 918212764-1823807987
                                                                                                                                                                                                            • Opcode ID: 8f848ac43014832b45478b27c90f090477e05180320d7f2d82d8b80f6ee7fea6
                                                                                                                                                                                                            • Instruction ID: d7d4ec75be36071a20fdbb5c1a294f5f5bd526936475882722c38b087bf5fd17
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8f848ac43014832b45478b27c90f090477e05180320d7f2d82d8b80f6ee7fea6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2BD05B317443146EF7302B69AC0BF5635989B05734F100A2DB651A51E1D6E2E852A756
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00EB5C87
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                            • String ID: L$L$bad conversion
                                                                                                                                                                                                            • API String ID: 118556049-1085037651
                                                                                                                                                                                                            • Opcode ID: 5e4be8713624256130e8c1df347da94b1f8309de2349c521834a5453c90ce3c6
                                                                                                                                                                                                            • Instruction ID: 68e324a1c747da49e0924aa8b41879930a6d92b6dfe8ae9b1b8ee895e988e4ac
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e4be8713624256130e8c1df347da94b1f8309de2349c521834a5453c90ce3c6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6025D72E00658CFDB19CFA8C891BEEBBB6BF45310F245229E415BB395DB30A945CB50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 00EB2319
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00EB2369
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                            • String ID: XML hound handler failed.$_=nil}
                                                                                                                                                                                                            • API String ID: 3664257935-979112626
                                                                                                                                                                                                            • Opcode ID: cc094e82589894dfd9140944b71a7c947a965d1e08c281b5cf2ac109f20d7935
                                                                                                                                                                                                            • Instruction ID: 3017fd2948fe4d13971470234d55c4aff24d8e4c66ae01b517a23949e30191a5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cc094e82589894dfd9140944b71a7c947a965d1e08c281b5cf2ac109f20d7935
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DFF1E171900209AFDB24DF68D845BEFB7F4EF04314F04856DE509BB691DB34AA84CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: __freea
                                                                                                                                                                                                            • String ID: a/p$am/pm
                                                                                                                                                                                                            • API String ID: 240046367-3206640213
                                                                                                                                                                                                            • Opcode ID: a3505a72c7177092e343ad63f22828725421998e2c4898e7441c911e69746be6
                                                                                                                                                                                                            • Instruction ID: 571f469be3b7b504dcd44e403f41172d10229d5e8defd1c9092c6e6d614aa16b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a3505a72c7177092e343ad63f22828725421998e2c4898e7441c911e69746be6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4C1CD7590020ADACF24CF78C885ABABBB1EF85708F256149EA11BB350D7359F41CB61
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00ED52F3
                                                                                                                                                                                                              • Part of subcall function 00E9BDF0: std::_Lockit::_Lockit.LIBCPMT ref: 00E9BE2F
                                                                                                                                                                                                              • Part of subcall function 00E9BDF0: std::_Lockit::_Lockit.LIBCPMT ref: 00E9BE51
                                                                                                                                                                                                              • Part of subcall function 00E9BDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00E9BE71
                                                                                                                                                                                                              • Part of subcall function 00E9BDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00E9BFFC
                                                                                                                                                                                                            • _Find_elem.LIBCPMT ref: 00ED54EF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                            • String ID: 0123456789ABCDEFabcdef-+Xx$l8]
                                                                                                                                                                                                            • API String ID: 3042121994-1635578128
                                                                                                                                                                                                            • Opcode ID: 5124745d7945de2695a966d2517752e9679fbe088a766846e04c31fdfc81580a
                                                                                                                                                                                                            • Instruction ID: 0aca7c41339516021473baf124f73a5d73ba9281eb2affc2948f3fd7c9afd97e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5124745d7945de2695a966d2517752e9679fbe088a766846e04c31fdfc81580a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FAC1AF32D046888EDF22DBA4D450BECBBB2EF15304F28605BD8967B386CA309D47CB51
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8B886
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8B93D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Failed to convert wide to byte, xrefs: 00E8B90D
                                                                                                                                                                                                            • Failed to convert byte to wide, xrefs: 00E8B856
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                            • String ID: Failed to convert byte to wide$Failed to convert wide to byte
                                                                                                                                                                                                            • API String ID: 1656330964-1708777540
                                                                                                                                                                                                            • Opcode ID: 20225a07658206822eb2a9fd8d4114492b09df4cd42c406bc03152a2d07faa0f
                                                                                                                                                                                                            • Instruction ID: 58cc35d9b3fbc46777c326120d59e24e758d5dec1d1b1a44af21541f1631c172
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20225a07658206822eb2a9fd8d4114492b09df4cd42c406bc03152a2d07faa0f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA81F070E002488FEF18EFA8C955BEDBBB5EF41304F148198E91D7B282D7759A49CB61
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: \\?\
                                                                                                                                                                                                            • API String ID: 0-4282027825
                                                                                                                                                                                                            • Opcode ID: 825ad900eb5f4ad824519d469bb6ff04140b24718fc44e7b10648d3cf26e2a39
                                                                                                                                                                                                            • Instruction ID: a7d3ac6d0e81490df3faf986f3ecf78dd7ccfdf80dc48c4b0fbda68953fd986a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 825ad900eb5f4ad824519d469bb6ff04140b24718fc44e7b10648d3cf26e2a39
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53718071D00619DBCF14DFA8C884ADEB7F9BF85710F14462AE419FB290D730A985DBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E7B64C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                            • API String ID: 323602529-1866435925
                                                                                                                                                                                                            • Opcode ID: 985a8591121b8025ad67f7d562714c46e6c63589fdf6cce6d00dca2e27cbecb7
                                                                                                                                                                                                            • Instruction ID: eaf890536413c6de6744864f0c6ffcbcd344a04291ba0eb32ec4624fe911a6f5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 985a8591121b8025ad67f7d562714c46e6c63589fdf6cce6d00dca2e27cbecb7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 82718CB1A00649DFDB14CF58C984B9AFBF5FF48318F14816AEA189B381D775E905CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000000), ref: 00F146E4
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00F14728
                                                                                                                                                                                                            • WritePrivateProfileStructW.KERNEL32(?,00000000,?,00000004,00000000), ref: 00F14768
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: PrivateProfileStructWrite$ErrorLast
                                                                                                                                                                                                            • String ID: MCRG
                                                                                                                                                                                                            • API String ID: 3778923442-1523812224
                                                                                                                                                                                                            • Opcode ID: 2796f7e8f8c3ee31c2c8e29c8d7da11fb652b8299a2045a88d15fa982b53d3bf
                                                                                                                                                                                                            • Instruction ID: 515fa53e6171bea1ff80e17811e1aab5caf290d88366d9932e7dcc2e8e4fb7c6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2796f7e8f8c3ee31c2c8e29c8d7da11fb652b8299a2045a88d15fa982b53d3bf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EC519B75900249AFDB10CFA8D845FDEBBF8EF49320F148259F815AB3A1DB70A944DB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00ED3D98: FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,?,00E804D5,?,?,D49C76F0), ref: 00ED3DAE
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00E805CC
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E805F6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_taskFormatFreeLocalMessage
                                                                                                                                                                                                            • String ID: generic$unknown error
                                                                                                                                                                                                            • API String ID: 3868770561-3628847473
                                                                                                                                                                                                            • Opcode ID: 47c11be4b0091d48d1882298290bfbf1a7e27a7445bde57df2f60f677feaa054
                                                                                                                                                                                                            • Instruction ID: 4163ac3b708b6de17b81064b7dc33e076404a3be0f5188b69788abee9b0ed814
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47c11be4b0091d48d1882298290bfbf1a7e27a7445bde57df2f60f677feaa054
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5341C5719043499FDB70AF68C8457AFBBF8EF44314F10162EF45AA7381D77495088BA1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\is-P2BH1.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                            • API String ID: 0-656798482
                                                                                                                                                                                                            • Opcode ID: 717304e33e712d276535fb34f2443a63758e0376d20858d5fb84f0f1c9d50a2f
                                                                                                                                                                                                            • Instruction ID: 64ea0217bd1de6ab1f86feb1541652a3168ccf3886911d111dbfe3e680607730
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 717304e33e712d276535fb34f2443a63758e0376d20858d5fb84f0f1c9d50a2f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59318071A0061CEFCB31DF99DC85DAEBBF8EB84310B10506AE605B7361E6B0AE45DB50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: H_prolog3_
                                                                                                                                                                                                            • String ID: /affid$MSAD_Subinfo$affid
                                                                                                                                                                                                            • API String ID: 2427045233-3897642808
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00EE2F57
                                                                                                                                                                                                              • Part of subcall function 00ED7DF0: __EH_prolog3.LIBCMT ref: 00ED7DF7
                                                                                                                                                                                                              • Part of subcall function 00ED7DF0: std::_Lockit::_Lockit.LIBCPMT ref: 00ED7E01
                                                                                                                                                                                                              • Part of subcall function 00ED7DF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00ED7E72
                                                                                                                                                                                                            • _Find_elem.LIBCPMT ref: 00EE2FF3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                            • String ID: %.0Lf$0123456789-
                                                                                                                                                                                                            • API String ID: 2544715827-3094241602
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00EE3207
                                                                                                                                                                                                              • Part of subcall function 00E732DE: __EH_prolog3_GS.LIBCMT ref: 00E732E5
                                                                                                                                                                                                              • Part of subcall function 00E732DE: std::_Lockit::_Lockit.LIBCPMT ref: 00E732F2
                                                                                                                                                                                                              • Part of subcall function 00E732DE: std::_Lockit::~_Lockit.LIBCPMT ref: 00E73360
                                                                                                                                                                                                            • _Find_elem.LIBCPMT ref: 00EE32A3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: H_prolog3_Lockitstd::_$Find_elemLockit::_Lockit::~_
                                                                                                                                                                                                            • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                            • API String ID: 3328206922-2494171821
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00EE7477
                                                                                                                                                                                                              • Part of subcall function 00E9C960: std::_Lockit::_Lockit.LIBCPMT ref: 00E9C995
                                                                                                                                                                                                              • Part of subcall function 00E9C960: std::_Lockit::_Lockit.LIBCPMT ref: 00E9C9B7
                                                                                                                                                                                                              • Part of subcall function 00E9C960: std::_Lockit::~_Lockit.LIBCPMT ref: 00E9C9D7
                                                                                                                                                                                                              • Part of subcall function 00E9C960: std::_Lockit::~_Lockit.LIBCPMT ref: 00E9CAB1
                                                                                                                                                                                                            • _Find_elem.LIBCPMT ref: 00EE7511
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                            • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                            • API String ID: 3042121994-2494171821
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHGetKnownFolderPath.SHELL32(00F3D7E8,00000000,00000000,?,D49C76F0), ref: 00E9D75C
                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00E9D7D4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FolderFreeKnownPathTask
                                                                                                                                                                                                            • String ID: %s\%s
                                                                                                                                                                                                            • API String ID: 969438705-4073750446
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E94B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E9521E
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E87D3D
                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E87DC8
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
• Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitializeMtx_unlock
                                                                                                                                                                                                            • String ID: Failed to add event category ($V
                                                                                                                                                                                                            • API String ID: 2287862619-1647955383
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,D49C76F0,?,?), ref: 00E8A531
                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E8A7EC
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8A989
                                                                                                                                                                                                              • Part of subcall function 00E8F110: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E8F268
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Unexpected return value: , xrefs: 00E8A8CC
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
                                                                                                                                                                                                            • String ID: Unexpected return value:
                                                                                                                                                                                                            • API String ID: 1703231451-3613193034
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Mpunct$H_prolog3
                                                                                                                                                                                                            • String ID: $+xv
                                                                                                                                                                                                            • API String ID: 4281374311-1686923651
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00EDDD0E
                                                                                                                                                                                                              • Part of subcall function 00ED7579: _Maklocstr.LIBCPMT ref: 00ED7599
                                                                                                                                                                                                              • Part of subcall function 00ED7579: _Maklocstr.LIBCPMT ref: 00ED75B6
                                                                                                                                                                                                              • Part of subcall function 00ED7579: _Maklocstr.LIBCPMT ref: 00ED75D3
                                                                                                                                                                                                              • Part of subcall function 00ED7579: _Maklocchr.LIBCPMT ref: 00ED75E5
                                                                                                                                                                                                              • Part of subcall function 00ED7579: _Maklocchr.LIBCPMT ref: 00ED75F8
                                                                                                                                                                                                            • _Mpunct.LIBCPMT ref: 00EDDD9B
                                                                                                                                                                                                            • _Mpunct.LIBCPMT ref: 00EDDDB5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Maklocstr$MaklocchrMpunct$H_prolog3
                                                                                                                                                                                                            • String ID: $+xv
                                                                                                                                                                                                            • API String ID: 2939335142-1686923651
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceBeginInitialize.KERNEL32(00F680C4,00000000,D49C76F0,00000000,D49C76F0,00E7A219,00F680CC,?,?,?,?,?,?,00E7A219,?,?), ref: 00E79BE5
                                                                                                                                                                                                              • Part of subcall function 00E79BB0: InitOnceComplete.KERNEL32(00F680C4,00000000,00000000), ref: 00E79C1D
                                                                                                                                                                                                              • Part of subcall function 00E79940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E79A12
                                                                                                                                                                                                            • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00E87D3D
                                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00E87DC8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitializeMtx_unlock
                                                                                                                                                                                                            • String ID: P$Service has not been initialized
                                                                                                                                                                                                            • API String ID: 920826028-2917841385
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00E73095
                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00E730A2
                                                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00E730DF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: std::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                                                            • API String ID: 4089677319-1405518554
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,00E74E6C,D49C76F0), ref: 00E9D6D5
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00E9D6E5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                                                                                            • String ID: SetDefaultDllDirectories$kernel32.dll
                                                                                                                                                                                                            • API String ID: 1646373207-2102062458
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _strrchr
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3213747228-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _strcspn$H_prolog3_ctype
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 838279627-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E7463F: GetProcessHeap.KERNEL32(?,?,?,00E7E97C,D49C76F0,?,?,?,?,00F19590,000000FF), ref: 00E74676
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,00F1FB28,000000FF), ref: 00F12BF4
                                                                                                                                                                                                              • Part of subcall function 00E975F0: FindResourceExW.KERNEL32(00000000,00000006,00000000,?,00000000,?,?,?,?,?,00F12B5D,?,00000000), ref: 00E97628
                                                                                                                                                                                                              • Part of subcall function 00E975F0: LoadResource.KERNEL32(00000000,00000000,?,?,?,?,?,00F12B5D,?,00000000,?,?,?,?,?,00F1FB28), ref: 00E97636
                                                                                                                                                                                                              • Part of subcall function 00E975F0: LockResource.KERNEL32(00000000,?,?,?,?,?,00F12B5D,?,00000000,?,?,?,?,?,00F1FB28,000000FF), ref: 00E97641
                                                                                                                                                                                                              • Part of subcall function 00E975F0: SizeofResource.KERNEL32(00000000,00000000,?,?,?,?,?,00F12B5D,?,00000000,?,?,?,?,?,00F1FB28), ref: 00E9764F
                                                                                                                                                                                                            • FindResourceW.KERNEL32(00000000,?,00000006), ref: 00F12B74
                                                                                                                                                                                                              • Part of subcall function 00E97580: LoadResource.KERNEL32(?,?,?,00F12B8A,00000000,00000000,?,?,00000006), ref: 00E97589
                                                                                                                                                                                                              • Part of subcall function 00E97580: LockResource.KERNEL32(00000000,?,00F12B8A,00000000,00000000,?,?,00000006), ref: 00E97594
                                                                                                                                                                                                              • Part of subcall function 00E97580: SizeofResource.KERNEL32(?,?,?,00F12B8A,00000000,00000000,?,?,00000006), ref: 00E975A8
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 00F12BAB
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,00F1FB28,000000FF), ref: 00F12C2E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Resource$ByteCharMultiWide$FindLoadLockSizeof$HeapProcess
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2838002939-0
                                                                                                                                                                                                            • Opcode ID: a9542cbaaef3052a01b9defdb1dd9dd78ea37d8e4548df81a011a4d79c0f2788
                                                                                                                                                                                                            • Instruction ID: 0d98902dd97fd0cc3f5e22e9b8aace6c37b92781a2c90b6a72fc5ae33ad295d0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a9542cbaaef3052a01b9defdb1dd9dd78ea37d8e4548df81a011a4d79c0f2788
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2151AF31200245AFEB24CF58CC59F6AF7E8EF94720F20455DF6459B2D0DBB5A890DB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                                                                            • Opcode ID: 03517964415d7162ea85d8e52633d9912729af43be9ff83e32e9e58aeb6f26b4
                                                                                                                                                                                                            • Instruction ID: dcefc885870c79dc1667bcd0e5d24959c029bc68d4324ffa3992015b9b468451
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 03517964415d7162ea85d8e52633d9912729af43be9ff83e32e9e58aeb6f26b4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F851C17160168A9FDB289F96C841BBA77B4FF08718F34512DE915772A2D731AC42C790
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F1181E
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F11847
                                                                                                                                                                                                            • SetEndOfFile.KERNEL32(00000000,00F100BA,00000000,00F07369,?,?,?,?,?,?,?,00F100BA,00F07369,00000000), ref: 00F11879
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,00F100BA,00F07369,00000000,?,?,?,?,00000000), ref: 00F11895
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _free$ErrorFileLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1547350101-0
                                                                                                                                                                                                            • Opcode ID: 064481b97ef69081b49c4ab19b01a268904a5f90ff5f9aefb6ef606811ae2fde
                                                                                                                                                                                                            • Instruction ID: a5b005c2d18561b8c56733e6ba868b6271a811304bd24712bc4f9ca08acc3c01
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 064481b97ef69081b49c4ab19b01a268904a5f90ff5f9aefb6ef606811ae2fde
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2941AF72D006499BDB11ABA8CC46BDE37A9FF44370F285115FA24E72D1EA38C890B761
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 4539d592fb9633ea688683196e151fb71f1771e945f2499e6bc3b6dc522c2daa
                                                                                                                                                                                                            • Instruction ID: 1a68324062a32b3dc8fc4a5afbbf9327f01b8839c7f2832817b471934a4d6821
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4539d592fb9633ea688683196e151fb71f1771e945f2499e6bc3b6dc522c2daa
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 504119B2A00704BFD724AF38CC41BAABBE9EF84710F14412AF101DB3D1D375AA40A780
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegSetKeySecurity.ADVAPI32(00000000,00000000,00000000,00000000), ref: 00E9EBCB
                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(00000000,00000000,?,00000100,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00E9EC28
                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,000F003F,?,?,00000000,00000000), ref: 00E9EC4F
                                                                                                                                                                                                              • Part of subcall function 00E9EBA0: RegCloseKey.ADVAPI32(?,?,00000000,00000000), ref: 00E9EC7E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseEnumOpenSecurity
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 611561417-0
                                                                                                                                                                                                            • Opcode ID: f5f60ba10616fd09816597497d6c7198d73af9c381470e30512c817b002b920f
                                                                                                                                                                                                            • Instruction ID: 7a805db60c795e61e59fcd82953bf82576995918849a64fefd2f1e835a3b0579
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5f60ba10616fd09816597497d6c7198d73af9c381470e30512c817b002b920f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8F316172A0021CABDF30DF55DD49FEAB7B8EB48700F1005A5FA59F6292DA709E50DB90
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 4eacab931cc581fd810781f83990b37e0e991724c94495c8d89979df60f7b6cc
                                                                                                                                                                                                            • Instruction ID: 727b391a60a622e1b0bb5420a356b622e7ff656a1fcee62fc070d061df3e4fea
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4eacab931cc581fd810781f83990b37e0e991724c94495c8d89979df60f7b6cc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A021CF7120920DAFEB20AF62CC8197B77ADEF443687106625F625F63A1E730FC1197A0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00EE987E: EnterCriticalSection.KERNEL32(00F677A0,?,00000001,?,00E986A7,00000000,?,00000001,?,00000000,?,?,00E9C338,-00000010), ref: 00EE9889
                                                                                                                                                                                                              • Part of subcall function 00EE987E: LeaveCriticalSection.KERNEL32(00F677A0,?,00E986A7,00000000,?,00000001,?,00000000,?,?,00E9C338,-00000010,?,?,?,D49C76F0), ref: 00EE98B5
                                                                                                                                                                                                            • FindResourceExW.KERNEL32(00000000,00000006,00000000,?,00000000,?,?,?,?,?,00F12B5D,?,00000000), ref: 00E97628
                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,?,?,?,?,00F12B5D,?,00000000,?,?,?,?,?,00F1FB28), ref: 00E97636
                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,?,?,?,?,00F12B5D,?,00000000,?,?,?,?,?,00F1FB28,000000FF), ref: 00E97641
                                                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,?,?,?,?,00F12B5D,?,00000000,?,?,?,?,?,00F1FB28), ref: 00E9764F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Resource$CriticalSection$EnterFindLeaveLoadLockSizeof
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 529824247-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00F15B7C,0000FDE9,?,00000000,?), ref: 00F15D8B
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00F15B7C,0000FDE9,?,00000000,?), ref: 00F15D95
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 203985260-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(00000008,00000016,00000000,00F04E01), ref: 00F01CAE
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F01D0B
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F01D41
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00F01D4C
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast_free
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2283115069-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32(00F680CC,?,?,00EED742,00F021B7,?,?,00EE872D,?,?,00E7A1ED,0000002C,D49C76F0), ref: 00F01E05
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F01E62
                                                                                                                                                                                                            • _free.LIBCMT ref: 00F01E98
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,00000006,000000FF,?,00EED742,00F021B7,?,?,00EE872D,?,?,00E7A1ED,0000002C,D49C76F0), ref: 00F01EA3
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast_free
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2283115069-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000400,?,D49C76F0,00000000,00000000,00000000,00000000,?,?,?,00E7EE58,00000000,D49C76F0,?,00000000), ref: 00ED3E21
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00E7EE58,00000000,D49C76F0,?,00000000,00000000,D49C76F0,?), ref: 00ED3E2D
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,?,D49C76F0,00000000,00000000,00000000,00000000,?,00E7EE58,00000000,D49C76F0,?,00000000,00000000,D49C76F0), ref: 00ED3E53
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00E7EE58,00000000,D49C76F0,?,00000000,00000000,D49C76F0,?), ref: 00ED3E5F
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 203985260-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00EA860A,D49C76F0,00F5C218,00000000,00EA860A,?,00F0F9C7,00EA860A,00000001,00EA860A,00EA860A,?,00F05B42,00000000,?,00EA860A), ref: 00F1165E
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00F0F9C7,00EA860A,00000001,00EA860A,00EA860A,?,00F05B42,00000000,?,00EA860A,00000000,00EA860A,?,00F06096,00EA860A), ref: 00F1166A
                                                                                                                                                                                                              • Part of subcall function 00F11630: CloseHandle.KERNEL32(FFFFFFFE,00F1167A,?,00F0F9C7,00EA860A,00000001,00EA860A,00EA860A,?,00F05B42,00000000,?,00EA860A,00000000,00EA860A), ref: 00F11640
                                                                                                                                                                                                            • ___initconout.LIBCMT ref: 00F1167A
                                                                                                                                                                                                              • Part of subcall function 00F115F0: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00F1161F,00F0F9B4,00EA860A,?,00F05B42,00000000,?,00EA860A,00000000), ref: 00F11603
                                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00EA860A,D49C76F0,00F5C218,00000000,?,00F0F9C7,00EA860A,00000001,00EA860A,00EA860A,?,00F05B42,00000000,?,00EA860A,00000000), ref: 00F1168F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                                                                                            • Opcode ID: 14cbdbd6c1dc071d3edefae2200c7a5de69140b67d4507f8c42d5517b6caf1a4
                                                                                                                                                                                                            • Instruction ID: ec14ca76c78c618bb3f5a3dc001d78d8dd3ba3d0f09c4adf3cafd1f354759cc1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14cbdbd6c1dc071d3edefae2200c7a5de69140b67d4507f8c42d5517b6caf1a4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6FF0153690111DBBCF222F91DC09ADA3F26FB493A0F184014FA1A89160CB728861FF90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SleepConditionVariableCS.KERNELBASE(?,00EE891F,00000064), ref: 00EE89A5
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00F6742C,00E81171,?,00EE891F,00000064,?,?,?,00E8402B,00F6827C,D49C76F0,?,00E81171,?), ref: 00EE89AF
                                                                                                                                                                                                            • WaitForSingleObjectEx.KERNEL32(00E81171,00000000,?,00EE891F,00000064,?,?,?,00E8402B,00F6827C,D49C76F0,?,00E81171,?), ref: 00EE89C0
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00F6742C,?,00EE891F,00000064,?,?,?,00E8402B,00F6827C,D49C76F0,?,00E81171,?), ref: 00EE89C7
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3269011525-0
                                                                                                                                                                                                            • Opcode ID: 8acbbc5ec0c8047457f9a8beed575298bb3d40c09f749bf0361a0fa12e36b85b
                                                                                                                                                                                                            • Instruction ID: f1c425ba18caf0fb9021b8c13350ebe3cce6010036c863d9adc918faaf53db67
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8acbbc5ec0c8047457f9a8beed575298bb3d40c09f749bf0361a0fa12e36b85b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3AE0923290432CEBC7217B51ED0C99D3F29FB08B55B100060F51D62162CFB24821BBD2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • _free.LIBCMT ref: 00EFF549
                                                                                                                                                                                                              • Part of subcall function 00F02098: RtlFreeHeap.NTDLL(00000000,00000000,?,00F0B729,?,00000000,?,?,?,00F0B9CC,?,00000007,?,?,00F0BDD6,?), ref: 00F020AE
                                                                                                                                                                                                              • Part of subcall function 00F02098: GetLastError.KERNEL32(?,?,00F0B729,?,00000000,?,?,?,00F0B9CC,?,00000007,?,?,00F0BDD6,?,?), ref: 00F020C0
                                                                                                                                                                                                            • _free.LIBCMT ref: 00EFF55C
                                                                                                                                                                                                            • _free.LIBCMT ref: 00EFF56D
                                                                                                                                                                                                            • _free.LIBCMT ref: 00EFF57E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                            • Opcode ID: b7af6d4cfead7a8a435c5b7350cfb5e513f8443f825d6706f4d0ec974a30c5d8
                                                                                                                                                                                                            • Instruction ID: dda5559edcdf03532fe58c81dfb41eb8114a6d5007a9d1e1d53962a0aed45c2e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b7af6d4cfead7a8a435c5b7350cfb5e513f8443f825d6706f4d0ec974a30c5d8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2FE04670894728EAD6623F30BC054093B21A715748300490AF82803331CFBE016EFBE1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 1$Async event sender already initialized
                                                                                                                                                                                                            • API String ID: 0-1633570939
                                                                                                                                                                                                            • Opcode ID: 23ecf8a46ddd57d2fc6475ef6461756da3f833cb3c19c8a5899b3b297a8816cf
                                                                                                                                                                                                            • Instruction ID: 56c857a2e7e31c843c6d1060f4a79cff040ef18fcffde598b3e6bf67966ef99c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 23ecf8a46ddd57d2fc6475ef6461756da3f833cb3c19c8a5899b3b297a8816cf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4FC1BC70610A408FEB18DB34CC98BABB7E5EF40305F585A1CE16EDB6A1DB79B944CB14
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00EDBBD4
                                                                                                                                                                                                              • Part of subcall function 00ED8616: __EH_prolog3.LIBCMT ref: 00ED861D
                                                                                                                                                                                                              • Part of subcall function 00ED8616: std::_Lockit::_Lockit.LIBCPMT ref: 00ED8627
                                                                                                                                                                                                              • Part of subcall function 00ED8616: std::_Lockit::~_Lockit.LIBCPMT ref: 00ED8698
                                                                                                                                                                                                            • _Find_elem.LIBCPMT ref: 00EDBE0E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • 0123456789ABCDEFabcdef-+Xx, xrefs: 00EDBC4B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                            • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                            • API String ID: 2544715827-2799312399
                                                                                                                                                                                                            • Opcode ID: 0dd2838fceca53d6901485b6c7d451747fe805ee790051006d57b20c93086919
                                                                                                                                                                                                            • Instruction ID: c112a6b8cc4a6b8329e0a939d5463853688546be83864185665c3396b66c8267
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0dd2838fceca53d6901485b6c7d451747fe805ee790051006d57b20c93086919
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2C14F34E04258CADF25DF68C8447ECBBB2EF55304F55509AE8897B382EB748D86DB50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00EDBFAA
                                                                                                                                                                                                              • Part of subcall function 00E77892: __EH_prolog3_GS.LIBCMT ref: 00E77899
                                                                                                                                                                                                              • Part of subcall function 00E77892: std::_Lockit::_Lockit.LIBCPMT ref: 00E778A6
                                                                                                                                                                                                              • Part of subcall function 00E77892: std::_Lockit::~_Lockit.LIBCPMT ref: 00E77914
                                                                                                                                                                                                            • _Find_elem.LIBCPMT ref: 00EDC1E4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • 0123456789ABCDEFabcdef-+Xx, xrefs: 00EDC021
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: H_prolog3_Lockitstd::_$Find_elemLockit::_Lockit::~_
                                                                                                                                                                                                            • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                            • API String ID: 3328206922-2799312399
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,D49C76F0,00000000,00000001,?), ref: 00EB28AC
                                                                                                                                                                                                            • RegEnumValueW.ADVAPI32(?,00000000,00000000,?,00000000,?,00000000,?), ref: 00EB2972
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: EnumInfoQueryValue
                                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                                            • API String ID: 918324718-3964021255
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • __startOneArgErrorHandling.LIBCMT ref: 00EFDEBD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorHandling__start
                                                                                                                                                                                                            • String ID: pow
                                                                                                                                                                                                            • API String ID: 3213639722-2276729525
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: __aulldiv
                                                                                                                                                                                                            • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                            • API String ID: 3732870572-1956417402
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00F12AF0: FindResourceW.KERNEL32(00000000,?,00000006), ref: 00F12B74
                                                                                                                                                                                                              • Part of subcall function 00F12AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 00F12BAB
                                                                                                                                                                                                              • Part of subcall function 00F12AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,00F1FB28,000000FF), ref: 00F12C2E
                                                                                                                                                                                                            • WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000002), ref: 00F1453C
                                                                                                                                                                                                            • WritePrivateProfileStructW.KERNEL32(?,?,00000000,?,00000002), ref: 00F14598
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharMultiPrivateProfileStructWideWrite$FindResource
                                                                                                                                                                                                            • String ID: MCRG
                                                                                                                                                                                                            • API String ID: 2178413835-1523812224
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E97362
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E97367
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                            • String ID: 'm
                                                                                                                                                                                                            • API String ID: 118556049-146587916
                                                                                                                                                                                                            • Opcode ID: 37c89c9225b678818c55bc464818cd9d7c5f47f77493b9e764e5a23719c8225e
                                                                                                                                                                                                            • Instruction ID: c0624aa7a04a4ec5678ae30f4d8eabecabe520833090a02094647c120b259fa0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 37c89c9225b678818c55bc464818cd9d7c5f47f77493b9e764e5a23719c8225e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0651C4B1918605CFDB24CF24C94176EB7F5EF48300F11162EE89AA77A1DB31E948CB91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00EEC707
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                                                                                            • Opcode ID: e015f00a0b82c7135856cfb6cb7f4fcb7a63d8357cbb159a48abb8c1a185a3d7
                                                                                                                                                                                                            • Instruction ID: c8e468898e83c32e13c727a273d2fe5f8e13b8bde4c5b1e47efa6d5f33b22798
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e015f00a0b82c7135856cfb6cb7f4fcb7a63d8357cbb159a48abb8c1a185a3d7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD41557290028DAFCF16DFA9CD81AEEBBB5BF08304F24905AF91476211D335A951DF50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E7BFD6
                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00E7BFDB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                            • String ID: ios_base::badbit set
                                                                                                                                                                                                            • API String ID: 118556049-3882152299
                                                                                                                                                                                                            • Opcode ID: f92bd1b3875eb43ee71ceb7d70d9ff14a31b417b12ea01339a6f3eb4e0da9c53
                                                                                                                                                                                                            • Instruction ID: bc7f80beb0a0740cddc3cbab04352c73f3e7f83c0783a2ff1f2d5bcfee5bf348
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f92bd1b3875eb43ee71ceb7d70d9ff14a31b417b12ea01339a6f3eb4e0da9c53
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7E31B2B26106099FC314DF18DC81B56B7E8FF44714F45962AF819ABB90D770E8248FE0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: H_prolog3___cftoe
                                                                                                                                                                                                            • String ID: !%x
                                                                                                                                                                                                            • API String ID: 855520168-1893981228
                                                                                                                                                                                                            • Opcode ID: e46dcbd7ede9a9456bdbbf792da6211004bb7324a67977b7e2b9d0e66255dfa0
                                                                                                                                                                                                            • Instruction ID: b48735b549492179930b94b84310c476ce675802ce9bc6289880b456f29d4dcf
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e46dcbd7ede9a9456bdbbf792da6211004bb7324a67977b7e2b9d0e66255dfa0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC315771D0024DABDF04DFA4E985AEEB7B6FF08308F205419F905B7251EB35AA45CB60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: H_prolog3___cftoe
                                                                                                                                                                                                            • String ID: !%x
                                                                                                                                                                                                            • API String ID: 855520168-1893981228
                                                                                                                                                                                                            • Opcode ID: bc3bfb278af0a94cb37dd5e17b97c9e431e5d56b45243f8c889291026216df78
                                                                                                                                                                                                            • Instruction ID: 74da162642de669aa1c6987616d611fd7083fca5ded705f5192f8ceba7df8f56
                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc3bfb278af0a94cb37dd5e17b97c9e431e5d56b45243f8c889291026216df78
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 89315871D1829CAFEF04DF99E841AEEBBB5EF09310F14101AF884B7242D7359A45DBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: H_prolog3_
                                                                                                                                                                                                            • String ID: false$true
                                                                                                                                                                                                            • API String ID: 2427045233-2658103896
                                                                                                                                                                                                            • Opcode ID: f8daf79d8f1c823a95944d168d0459d17674b7e412d29f97f0b28e640dbaedbc
                                                                                                                                                                                                            • Instruction ID: 24148ad87a0f91dc05dca44611f61269f080ac70ec682bddc5ccc6fb91f92aca
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f8daf79d8f1c823a95944d168d0459d17674b7e412d29f97f0b28e640dbaedbc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB216DB5D04248ABDB14EFA5C885DAFB7F8FF44700F04905AF959AB252EB70DA01CB61
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CLSIDFromString.OLE32(0000007B,?), ref: 00E9E650
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FromString
                                                                                                                                                                                                            • String ID: @${
                                                                                                                                                                                                            • API String ID: 1694596556-3118734784
                                                                                                                                                                                                            • Opcode ID: d13a2a1219225c082748651c30e578297555f66a3fed7c8079d3a92302a76e72
                                                                                                                                                                                                            • Instruction ID: 81f58c3e82a3b19aadc639e3ce9a856ebbc9c51d8c47edddda9f134a8ff27958
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d13a2a1219225c082748651c30e578297555f66a3fed7c8079d3a92302a76e72
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8801A93160020C9BCB10DF59D900B9EB3F8FF58714F40819EB949E7110DE70AA84DB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00F0ACE1: EnterCriticalSection.KERNEL32(?,?,00F0F56B,?,00F5C6E0,00000010,00F04ED0,00000000,05D1745D,00000004,00000000,00000016,?,00000003), ref: 00F0ACFC
                                                                                                                                                                                                            • FlushFileBuffers.KERNEL32(00000000,00F5C518,0000000C,00F05755,JO,?,00000003,00000003,00EF4F4A,?,00000003), ref: 00F05697
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00F056A8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: BuffersCriticalEnterErrorFileFlushLastSection
                                                                                                                                                                                                            • String ID: JO
                                                                                                                                                                                                            • API String ID: 4109680722-1663374661
                                                                                                                                                                                                            • Opcode ID: 887655c7feb53537d98bdbc37d36c9fc99589e0665fd16fdf2a26b650d57aa7e
                                                                                                                                                                                                            • Instruction ID: 3f1bb856140d082287e8a0ff406c802330113ab7f3c34935e2a29ca863c593da
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 887655c7feb53537d98bdbc37d36c9fc99589e0665fd16fdf2a26b650d57aa7e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D1018072A003548FDB10EFA8D805A5E7BE5EB49720F14421BF451AB3D1DBB4D802EB40
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00E744F8: InitializeCriticalSectionEx.KERNEL32(00F677A0,00000000,00000000,00F6778C,00EE97FC,?,?,?,00E711BA), ref: 00E744FE
                                                                                                                                                                                                              • Part of subcall function 00E744F8: GetLastError.KERNEL32(?,?,?,00E711BA), ref: 00E74508
                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,00E711BA), ref: 00EE9800
                                                                                                                                                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00E711BA), ref: 00EE980F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00EE980A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                            • API String ID: 3511171328-631824599
                                                                                                                                                                                                            • Opcode ID: ea4d4f0af55efbdc8ee4cd5ad670fdd74d097cd81cd5c626d4338be558cfe70c
                                                                                                                                                                                                            • Instruction ID: e9d34fdffc09a7ae34ebef8b10ef286e196fd300abe88b29d0e1628dac4c48bc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea4d4f0af55efbdc8ee4cd5ad670fdd74d097cd81cd5c626d4338be558cfe70c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8E09270600795CBD3749F26E4053437BE4AF05744F109D2DE49AE2272EBB0D449DBA2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000,?,?,?,00F159F1,0000FDE9,?,?,?), ref: 00F15E33
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00F159F1,0000FDE9,?,?,?), ref: 00F15E3D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000006.00000002.2614606756.0000000000E61000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00E60000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614521451.0000000000E60000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2614979452.0000000000F2E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615097028.0000000000F5F000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615175284.0000000000F64000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615255194.0000000000F66000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            • Associated: 00000006.00000002.2615323134.0000000000F69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_e60000_saBSI.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 203985260-0
                                                                                                                                                                                                            • Opcode ID: 72ea53024c3cb51609be6d562bcb81af82d5a3c81f80051fb2dd269587e71892
                                                                                                                                                                                                            • Instruction ID: d6c42f2422b166aea3acdd7aa5d3f719dd9a83d71e1a0f9063479d97069845b9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 72ea53024c3cb51609be6d562bcb81af82d5a3c81f80051fb2dd269587e71892
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66119433700208ABD7309E6AFC44F9AB798EBD5B71F20493BF554DA291D3715861E760

                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                            Execution Coverage:10.2%
                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                            Signature Coverage:5.9%
                                                                                                                                                                                                            Total number of Nodes:2000
                                                                                                                                                                                                            Total number of Limit Nodes:28
17283 2cb9c5 __fassign 20 API calls 17282->17283 17284 2cba30 17283->17284 17285 2cb9c5 __fassign 20 API calls 17284->17285 17286 2cba3b 17285->17286 17287 2cb9c5 __fassign 20 API calls 17286->17287 17288 2cba49 17287->17288 17289 2c8de9 _free 20 API calls 17288->17289 17290 2cba54 17289->17290 17291 2c8de9 _free 20 API calls 17290->17291 17292 2cba5f 17291->17292 17293 2c8de9 _free 20 API calls 17292->17293 17294 2cba6a 17293->17294 17295 2cb9c5 __fassign 20 API calls 17294->17295 17296 2cba78 17295->17296 17297 2cb9c5 __fassign 20 API calls 17296->17297 17298 2cba86 17297->17298 17299 2cb9c5 __fassign 20 API calls 17298->17299 17300 2cba97 17299->17300 17301 2cb9c5 __fassign 20 API calls 17300->17301 17302 2cbaa5 17301->17302 17303 2cb9c5 __fassign 20 API calls 17302->17303 17304 2cbab3 17303->17304 17305 2c8de9 _free 20 API calls 17304->17305 17306 2cbabe 17305->17306 17307 2c8de9 _free 20 API calls 17306->17307 17308 2cbac9 17307->17308 17309 2c8de9 _free 20 API calls 17308->17309 17310 2cbad4 17309->17310 17311 2c8de9 _free 20 API calls 17310->17311 17311->17277 17313 2cb9fc 17312->17313 17314 2cb9ec 17312->17314 17313->17281 17314->17313 17315 2c8de9 _free 20 API calls 17314->17315 17315->17314 17316->17201 17338 2c241c 17341 2c385f 17338->17341 17342 2c386d ___except_validate_context_record 17341->17342 17350 2c2fec 17342->17350 17344 2c3873 17345 2c38b2 17344->17345 17348 2c38d8 17344->17348 17349 2c2442 17344->17349 17345->17349 17363 2c3c14 17345->17363 17348->17349 17366 2c3332 17348->17366 17410 2c2ffa 17350->17410 17352 2c2ff1 17352->17344 17422 2cc0a6 17352->17422 17355 2c8668 17357 2c8672 IsProcessorFeaturePresent 17355->17357 17358 2c8690 17355->17358 17360 2c867d 17357->17360 17359 2c7d76 _abort 28 API calls 17358->17359 17362 2c869a 17359->17362 17361 2c4476 _abort 8 API calls 17360->17361 17361->17358 17481 2c3c2c 17363->17481 17365 2c3c27 17365->17349 17369 2c3352 FindHandler 17366->17369 17367 2c854a _unexpected 38 API calls 17368 2c36bf 
17367->17368 17371 2c3472 17369->17371 17374 2c2fec CallCatchBlock 48 API calls 17369->17374 17407 2c346d 17369->17407 17370 2c3628 17372 2c3626 17370->17372 17370->17407 17521 2c36c0 17370->17521 17371->17370 17375 2c34be 17371->17375 17373 2c2fec CallCatchBlock 48 API calls 17372->17373 17373->17407 17377 2c33b0 17374->17377 17381 2c35d3 ___DestructExceptionObject 17375->17381 17506 2c20a7 17375->17506 17378 2c3656 17377->17378 17380 2c2fec CallCatchBlock 48 API calls 17377->17380 17378->17349 17382 2c33be 17380->17382 17381->17372 17385 2c3d14 IsInExceptionSpec 38 API calls 17381->17385 17381->17407 17383 2c2fec CallCatchBlock 48 API calls 17382->17383 17389 2c33c6 17383->17389 17384 2c34d8 ___TypeMatch 17384->17381 17511 2c32b2 17384->17511 17386 2c3620 17385->17386 17386->17372 17388 2c367b 17386->17388 17387 2c2fec CallCatchBlock 48 API calls 17390 2c340f 17387->17390 17391 2c2fec CallCatchBlock 48 API calls 17388->17391 17389->17387 17389->17407 17390->17371 17394 2c2fec CallCatchBlock 48 API calls 17390->17394 17392 2c3680 17391->17392 17393 2c2fec CallCatchBlock 48 API calls 17392->17393 17395 2c3688 17393->17395 17396 2c3419 17394->17396 17538 2c2292 RtlUnwind 17395->17538 17397 2c2fec CallCatchBlock 48 API calls 17396->17397 17400 2c3424 17397->17400 17501 2c3d14 17400->17501 17401 2c369f 17403 2c3c14 __InternalCxxFrameHandler 48 API calls 17401->17403 17405 2c36ab FindHandler 17403->17405 17404 2c3430 17404->17371 17408 2c3436 ___DestructExceptionObject FindHandler type_info::operator== 17404->17408 17539 2c3b90 17405->17539 17407->17367 17407->17378 17408->17407 17409 2c203a __CxxThrowException@8 RaiseException 17408->17409 17409->17388 17411 2c3006 GetLastError 17410->17411 17412 2c3003 17410->17412 17452 2c4040 17411->17452 17412->17352 17415 2c3080 SetLastError 17415->17352 17416 2c407b ___vcrt_FlsSetValue 6 API calls 17417 2c3034 CallCatchBlock 17416->17417 17418 2c305c 17417->17418 17419 2c407b ___vcrt_FlsSetValue 6 API calls 17417->17419 17421 
2c303a 17417->17421 17420 2c407b ___vcrt_FlsSetValue 6 API calls 17418->17420 17418->17421 17419->17418 17420->17421 17421->17415 17457 2cc014 17422->17457 17425 2cc101 17426 2cc10d _unexpected 17425->17426 17427 2c8b29 _free 20 API calls 17426->17427 17432 2cc13a _abort 17426->17432 17434 2cc134 _abort 17426->17434 17427->17434 17428 2cc186 17430 2c517e _free 20 API calls 17428->17430 17429 2cc169 17433 2d1b19 _abort 5 API calls 17429->17433 17431 2cc18b 17430->17431 17435 2c4640 __mbsinc 26 API calls 17431->17435 17438 2cc1b2 17432->17438 17471 2cb0d1 EnterCriticalSection 17432->17471 17436 2cc308 17433->17436 17434->17428 17434->17429 17434->17432 17435->17429 17436->17355 17439 2cc211 17438->17439 17441 2cc209 17438->17441 17449 2cc23c 17438->17449 17472 2cb121 LeaveCriticalSection 17438->17472 17439->17449 17473 2cc0f8 17439->17473 17444 2c7d76 _abort 28 API calls 17441->17444 17444->17439 17447 2c8aa5 _unexpected 38 API calls 17450 2cc29f 17447->17450 17448 2cc0f8 _abort 38 API calls 17448->17449 17476 2cc2c1 17449->17476 17450->17429 17451 2c8aa5 _unexpected 38 API calls 17450->17451 17451->17429 17453 2c3f5b try_get_function 5 API calls 17452->17453 17454 2c405a 17453->17454 17455 2c4072 TlsGetValue 17454->17455 17456 2c301b 17454->17456 17455->17456 17456->17415 17456->17416 17456->17421 17460 2cbfba 17457->17460 17459 2c865d 17459->17355 17459->17425 17461 2cbfc6 CallCatchBlock 17460->17461 17466 2cb0d1 EnterCriticalSection 17461->17466 17463 2cbfd4 17467 2cc008 17463->17467 17465 2cbffb __onexit 17465->17459 17466->17463 17470 2cb121 LeaveCriticalSection 17467->17470 17469 2cc012 17469->17465 17470->17469 17471->17438 17472->17441 17474 2c8aa5 _unexpected 38 API calls 17473->17474 17475 2cc0fd 17474->17475 17475->17448 17477 2cc290 17476->17477 17478 2cc2c7 17476->17478 17477->17429 17477->17447 17477->17450 17480 2cb121 LeaveCriticalSection 17478->17480 17480->17477 17482 2c3c38 FindHandler CallCatchBlock 17481->17482 17483 2c2fec CallCatchBlock 48 API 
calls 17482->17483 17489 2c3c53 __CallSettingFrame@12 __FrameHandler3::FrameUnwindToState 17483->17489 17484 2c3cd3 17487 2c3cd8 __FrameHandler3::FrameUnwindToState 17484->17487 17495 2c854a 17484->17495 17487->17365 17489->17484 17490 2c3cfa 17489->17490 17491 2c2fec CallCatchBlock 48 API calls 17490->17491 17492 2c3cff 17491->17492 17493 2c3d0a 17492->17493 17494 2c2fec CallCatchBlock 48 API calls 17492->17494 17493->17484 17494->17493 17496 2c8556 _unexpected 17495->17496 17497 2c8aa5 _unexpected 38 API calls 17496->17497 17500 2c855b 17497->17500 17498 2c8658 _abort 38 API calls 17499 2c8585 17498->17499 17500->17498 17502 2c3da8 17501->17502 17503 2c3d28 ___TypeMatch 17501->17503 17504 2c854a _unexpected 38 API calls 17502->17504 17503->17404 17505 2c3dad 17504->17505 17507 2c20cb 17506->17507 17508 2c2110 17507->17508 17509 2c854a _unexpected 38 API calls 17507->17509 17508->17384 17510 2c2128 17509->17510 17512 2c32d1 17511->17512 17513 2c32c4 17511->17513 17555 2c2292 RtlUnwind 17512->17555 17551 2c3219 17513->17551 17516 2c32e6 17517 2c3c2c __FrameHandler3::FrameUnwindToState 48 API calls 17516->17517 17518 2c32f7 __FrameHandler3::FrameUnwindToState 17517->17518 17556 2c39c2 17518->17556 17520 2c331f FindHandler 17520->17384 17522 2c3724 17521->17522 17523 2c36d2 17521->17523 17522->17372 17524 2c2fec CallCatchBlock 48 API calls 17523->17524 17525 2c36d9 17524->17525 17526 2c371d 17525->17526 17527 2c36e2 EncodePointer 17525->17527 17526->17522 17529 2c373c 17526->17529 17530 2c37cb 17526->17530 17528 2c2fec CallCatchBlock 48 API calls 17527->17528 17535 2c36f1 17528->17535 17532 2c20a7 pair 38 API calls 17529->17532 17531 2c854a _unexpected 38 API calls 17530->17531 17533 2c37d0 17531->17533 17534 2c374f 17532->17534 17534->17522 17537 2c32b2 FindHandler 50 API calls 17534->17537 17535->17526 17536 2c2187 _CallSETranslator 48 API calls 17535->17536 17536->17526 17537->17534 17538->17401 17540 2c3b9c __EH_prolog3_catch 17539->17540 17541 2c2fec 
CallCatchBlock 48 API calls 17540->17541 17542 2c3ba1 17541->17542 17543 2c3bc4 17542->17543 17615 2c42ae 17542->17615 17545 2c854a _unexpected 38 API calls 17543->17545 17547 2c3bc9 17545->17547 17552 2c3225 CallCatchBlock 17551->17552 17570 2c30da 17552->17570 17554 2c324d ___AdjustPointer BuildCatchObjectHelperInternal 17554->17512 17555->17516 17557 2c39ce CallCatchBlock 17556->17557 17577 2c2316 17557->17577 17560 2c2fec CallCatchBlock 48 API calls 17561 2c39fa 17560->17561 17562 2c2fec CallCatchBlock 48 API calls 17561->17562 17563 2c3a05 17562->17563 17564 2c2fec CallCatchBlock 48 API calls 17563->17564 17565 2c3a10 17564->17565 17566 2c2fec CallCatchBlock 48 API calls 17565->17566 17567 2c3a18 _CallCatchBlock2 17566->17567 17582 2c3b0a 17567->17582 17569 2c3af2 17569->17520 17571 2c30e6 CallCatchBlock 17570->17571 17572 2c854a _unexpected 38 API calls 17571->17572 17573 2c3161 ___AdjustPointer BuildCatchObjectHelperInternal 17571->17573 17574 2c3218 CallCatchBlock 17572->17574 17573->17554 17575 2c30da BuildCatchObjectHelperInternal 38 API calls 17574->17575 17576 2c324d ___AdjustPointer BuildCatchObjectHelperInternal 17575->17576 17576->17554 17578 2c2fec CallCatchBlock 48 API calls 17577->17578 17579 2c2327 17578->17579 17580 2c2fec CallCatchBlock 48 API calls 17579->17580 17581 2c2332 17580->17581 17581->17560 17591 2c233a 17582->17591 17584 2c3b1b 17585 2c2fec CallCatchBlock 48 API calls 17584->17585 17586 2c3b21 17585->17586 17587 2c2fec CallCatchBlock 48 API calls 17586->17587 17589 2c3b2c 17587->17589 17588 2c3b6d ___DestructExceptionObject 17588->17569 17589->17588 17607 2c2bad 17589->17607 17592 2c2fec CallCatchBlock 48 API calls 17591->17592 17593 2c2343 17592->17593 17594 2c2fec CallCatchBlock 48 API calls 17593->17594 17596 2c234b 17594->17596 17595 2c854a _unexpected 38 API calls 17597 2c237e 17595->17597 17596->17595 17598 2c2353 17596->17598 17599 2c0bbe __ehhandler$___std_fs_change_permissions@12 5 API calls 17597->17599 17598->17584 17600 
2c2393 17599->17600 17601 2c385f __InternalCxxFrameHandler 51 API calls 17600->17601 17606 2c239e 17600->17606 17602 2c23d6 17601->17602 17603 2c23ed 17602->17603 17610 2c2292 RtlUnwind 17602->17610 17611 2c2187 17603->17611 17606->17584 17608 2c2fec CallCatchBlock 48 API calls 17607->17608 17609 2c2bb5 17608->17609 17609->17588 17610->17603 17612 2c21a9 17611->17612 17614 2c2197 17611->17614 17613 2c2fec CallCatchBlock 48 API calls 17612->17613 17613->17614 17614->17606 17616 2c2fec CallCatchBlock 48 API calls 17615->17616 17617 2c42b4 17616->17617 17618 2c854a _unexpected 38 API calls 17617->17618 17619 2c42ca 17618->17619 17625 2c0619 17627 2c0623 17625->17627 17626 2b7ae6 ___delayLoadHelper2@8 17 API calls 17626->17627 17627->17626 15032 2c0762 15033 2c076e CallCatchBlock 15032->15033 15062 2c0d67 15033->15062 15035 2c0775 15036 2c08c8 15035->15036 15039 2c079f 15035->15039 15503 2c10ff IsProcessorFeaturePresent 15036->15503 15038 2c08cf 15040 2c08d5 15038->15040 15507 2c7dc4 15038->15507 15051 2c07de ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 15039->15051 15478 2c7ae9 15039->15478 15510 2c7d76 15040->15510 15046 2c07be 15048 2c083f 15073 2c1219 15048->15073 15050 2c0845 15077 2b52f0 InterlockedExchange 15050->15077 15051->15048 15486 2c7d8c 15051->15486 15057 2c0865 15058 2c086e 15057->15058 15494 2c7d67 15057->15494 15497 2c0ef6 15058->15497 15063 2c0d70 15062->15063 15513 2c153d IsProcessorFeaturePresent 15063->15513 15067 2c0d81 15068 2c0d85 15067->15068 15524 2c84c7 15067->15524 15068->15035 15071 2c0d9c 15071->15035 15660 2c1ee0 15073->15660 15076 2c123f 15076->15050 15662 2b33a0 15077->15662 15080 2b7fe0 30 API calls 15081 2b54cb 15080->15081 15082 2b5577 15081->15082 15083 2b54d6 GetCurrentProcess 15081->15083 15706 2b8080 GetModuleHandleW GetProcAddress 15082->15706 15683 2b7e70 OpenProcessToken 15083->15683 15086 2b5583 15088 2b55c7 15086->15088 15089 2b5587 InterlockedExchange InterlockedExchange 15086->15089 15720 2b3b30 
LoadStringW 15088->15720 15091 2b55b5 15089->15091 15101 2b5523 15089->15101 15095 2b3b70 9 API calls 15091->15095 15094 2b43e0 59 API calls 15098 2b75c8 15094->15098 15095->15101 15102 2b4440 61 API calls 15098->15102 15099 2b563b 15723 2bcf50 15099->15723 15100 2b55e9 GetLastError 15100->15099 15104 2b55f6 InterlockedExchange 15100->15104 15101->15094 15105 2b75d4 15102->15105 15106 2b3b30 6 API calls 15104->15106 15107 2b75e9 15105->15107 15108 2b75e2 CloseHandle 15105->15108 15109 2b5612 15106->15109 15110 2b75fa 15107->15110 15111 2b75f3 CloseHandle 15107->15111 15108->15107 15788 2b11b0 FindWindowW 15109->15788 15117 2b760b 15110->15117 15118 2b7604 CloseHandle 15110->15118 15111->15110 15124 2b7fe0 30 API calls 15117->15124 15118->15117 15145 2b7610 ___scrt_fastfail 15124->15145 15125 2b3b30 6 API calls 15129 2b562d 15125->15129 15132 2b11b0 2 API calls 15129->15132 15131 2b770d 15134 2b7717 ReleaseMutex CloseHandle 15131->15134 15135 2b7725 15131->15135 15138 2b5633 15132->15138 15134->15135 15892 2b4170 15135->15892 15138->15101 15145->15131 15170 2b7699 15145->15170 15146 2b2d50 26 API calls 15151 2b7754 15146->15151 15154 2b2d50 26 API calls 15151->15154 15158 2b775f 15154->15158 15162 2b2d50 26 API calls 15158->15162 15166 2b776a 15162->15166 15169 2b2d50 26 API calls 15166->15169 15173 2b7775 15169->15173 15885 2b4000 15170->15885 15178 2b2d50 26 API calls 15173->15178 15182 2b7780 15178->15182 15179 2b76a0 _wcsrchr 15186 2b4000 26 API calls 15179->15186 15185 2b2d50 26 API calls 15182->15185 15189 2b778b 15185->15189 15190 2b76b2 _wcsrchr 15186->15190 15192 2b2d50 26 API calls 15189->15192 15889 2b4800 15190->15889 15193 2b7796 15192->15193 15194 2b2d50 26 API calls 15193->15194 15200 2b77a1 15194->15200 15206 2b2d50 26 API calls 15200->15206 15210 2b77ac 15206->15210 15214 2c0bbe __ehhandler$___std_fs_change_permissions@12 5 API calls 15210->15214 15211 2b4800 26 API calls 15216 2b76dd 15211->15216 15220 2b77c6 15214->15220 15222 2b4000 26 API calls 
15216->15222 15492 2c124f GetModuleHandleW 15220->15492 15226 2b76e7 CreateHardLinkW 15222->15226 15226->15131 15230 2b76f9 15226->15230 15236 2b4000 26 API calls 15230->15236 15240 2b7706 CopyFileW 15236->15240 15240->15131 15479 2c7b00 15478->15479 15480 2c0bbe __ehhandler$___std_fs_change_permissions@12 5 API calls 15479->15480 15481 2c07b8 15480->15481 15481->15046 15482 2c7a8d 15481->15482 15483 2c7abc 15482->15483 15484 2c0bbe __ehhandler$___std_fs_change_permissions@12 5 API calls 15483->15484 15485 2c7ae5 15484->15485 15485->15051 15487 2c7db4 _unexpected __onexit 15486->15487 15487->15048 15488 2c8aa5 _unexpected 38 API calls 15487->15488 15491 2c855b 15488->15491 15489 2c8658 _abort 38 API calls 15490 2c8585 15489->15490 15491->15489 15493 2c0861 15492->15493 15493->15038 15493->15057 17035 2c7b41 15494->17035 15498 2c0f02 15497->15498 15499 2c0876 15498->15499 17113 2c84d9 15498->17113 15499->15046 15502 2c2da4 ___vcrt_uninitialize 8 API calls 15502->15499 15504 2c1114 ___scrt_fastfail 15503->15504 15505 2c11bf IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15504->15505 15506 2c120a ___scrt_fastfail 15505->15506 15506->15038 15508 2c7b41 _abort 28 API calls 15507->15508 15509 2c7dd5 15508->15509 15509->15040 15511 2c7b41 _abort 28 API calls 15510->15511 15512 2c08dd 15511->15512 15514 2c0d7c 15513->15514 15515 2c2d7b 15514->15515 15516 2c2d80 ___vcrt_initialize_winapi_thunks 15515->15516 15535 2c3e2c 15516->15535 15520 2c2d96 15521 2c2da1 15520->15521 15549 2c3e68 15520->15549 15521->15067 15523 2c2d8e 15523->15067 15590 2cbeea 15524->15590 15527 2c2da4 15528 2c2dad 15527->15528 15534 2c2dbe 15527->15534 15529 2c30bf ___vcrt_uninitialize_ptd 6 API calls 15528->15529 15530 2c2db2 15529->15530 15531 2c3e68 ___vcrt_uninitialize_locks DeleteCriticalSection 15530->15531 15532 2c2db7 15531->15532 15656 2c4129 15532->15656 15534->15068 15538 2c3e35 15535->15538 15537 2c3e5e 15540 2c3e68 ___vcrt_uninitialize_locks DeleteCriticalSection 
15537->15540 15538->15537 15539 2c2d8a 15538->15539 15553 2c40b9 15538->15553 15539->15523 15541 2c308c 15539->15541 15540->15539 15571 2c3fca 15541->15571 15544 2c30a1 15544->15520 15547 2c30bc 15547->15520 15550 2c3e92 15549->15550 15551 2c3e73 15549->15551 15550->15523 15552 2c3e7d DeleteCriticalSection 15551->15552 15552->15550 15552->15552 15558 2c3f5b 15553->15558 15555 2c40d3 15556 2c40f1 InitializeCriticalSectionAndSpinCount 15555->15556 15557 2c40dc 15555->15557 15556->15557 15557->15538 15559 2c3f83 15558->15559 15563 2c3f7f __crt_fast_encode_pointer 15558->15563 15559->15563 15564 2c3e97 15559->15564 15562 2c3f9d GetProcAddress 15562->15563 15563->15555 15566 2c3ea6 try_get_first_available_module 15564->15566 15565 2c3ec3 LoadLibraryExW 15565->15566 15567 2c3ede GetLastError 15565->15567 15566->15565 15568 2c3f39 FreeLibrary 15566->15568 15569 2c3f50 15566->15569 15570 2c3f11 LoadLibraryExW 15566->15570 15567->15566 15568->15566 15569->15562 15569->15563 15570->15566 15572 2c3f5b try_get_function 5 API calls 15571->15572 15573 2c3fe4 15572->15573 15574 2c3ffd TlsAlloc 15573->15574 15575 2c3096 15573->15575 15575->15544 15576 2c407b 15575->15576 15577 2c3f5b try_get_function 5 API calls 15576->15577 15578 2c4095 15577->15578 15579 2c40b0 TlsSetValue 15578->15579 15580 2c30af 15578->15580 15579->15580 15580->15547 15581 2c30bf 15580->15581 15582 2c30c9 15581->15582 15583 2c30cf 15581->15583 15585 2c4005 15582->15585 15583->15544 15586 2c3f5b try_get_function 5 API calls 15585->15586 15587 2c401f 15586->15587 15588 2c4037 TlsFree 15587->15588 15589 2c402b 15587->15589 15588->15589 15589->15583 15591 2cbf07 15590->15591 15594 2cbf03 15590->15594 15591->15594 15596 2c9f80 15591->15596 15592 2c0bbe __ehhandler$___std_fs_change_permissions@12 5 API calls 15593 2c0d8e 15592->15593 15593->15071 15593->15527 15594->15592 15597 2c9f8c CallCatchBlock 15596->15597 15608 2cb0d1 EnterCriticalSection 15597->15608 15599 2c9f93 15609 2cb685 15599->15609 15601 2c9fa2 15607 
2c9fb1 15601->15607 15622 2c9e09 GetStartupInfoW 15601->15622 15605 2c9fc2 __onexit 15605->15591 15633 2c9fcd 15607->15633 15608->15599 15610 2cb691 CallCatchBlock 15609->15610 15611 2cb69e 15610->15611 15612 2cb6b5 15610->15612 15613 2c517e _free 20 API calls 15611->15613 15636 2cb0d1 EnterCriticalSection 15612->15636 15615 2cb6a3 15613->15615 15616 2c4640 __mbsinc 26 API calls 15615->15616 15618 2cb6ad __onexit 15616->15618 15617 2cb6ed 15644 2cb714 15617->15644 15618->15601 15619 2cb6c1 15619->15617 15637 2cb5d6 15619->15637 15623 2c9eb8 15622->15623 15624 2c9e26 15622->15624 15628 2c9ebf 15623->15628 15624->15623 15625 2cb685 27 API calls 15624->15625 15626 2c9e4f 15625->15626 15626->15623 15627 2c9e7d GetFileType 15626->15627 15627->15626 15629 2c9ec6 15628->15629 15630 2c9f09 GetStdHandle 15629->15630 15631 2c9f71 15629->15631 15632 2c9f1c GetFileType 15629->15632 15630->15629 15631->15607 15632->15629 15655 2cb121 LeaveCriticalSection 15633->15655 15635 2c9fd4 15635->15605 15636->15619 15638 2ca272 _unexpected 20 API calls 15637->15638 15639 2cb5e8 15638->15639 15643 2cb5f5 15639->15643 15647 2cb3aa 15639->15647 15640 2c8de9 _free 20 API calls 15641 2cb647 15640->15641 15641->15619 15643->15640 15654 2cb121 LeaveCriticalSection 15644->15654 15646 2cb71b 15646->15618 15648 2cb138 _unexpected 5 API calls 15647->15648 15649 2cb3d1 15648->15649 15650 2cb3ef InitializeCriticalSectionAndSpinCount 15649->15650 15651 2cb3da 15649->15651 15650->15651 15652 2c0bbe __ehhandler$___std_fs_change_permissions@12 5 API calls 15651->15652 15653 2cb406 15652->15653 15653->15639 15654->15646 15655->15635 15657 2c4158 15656->15657 15658 2c4132 15656->15658 15657->15534 15658->15657 15659 2c4142 FreeLibrary 15658->15659 15659->15658 15661 2c122c GetStartupInfoW 15660->15661 15661->15076 15666 2b33e0 ___scrt_fastfail 15662->15666 15663 2b3653 15664 2b3669 15663->15664 15665 2b389f 15663->15665 15671 2b368b 15663->15671 15668 2b2bb0 45 API calls 15664->15668 15664->15671 15928 
2b3c10 15665->15928 15666->15663 15666->15665 15916 2b2bb0 15666->15916 15668->15671 15669 2b38a4 15672 2b3c10 45 API calls 15669->15672 15670 2b37aa 15675 2b38ae 15670->15675 15682 2b382a 15670->15682 15671->15669 15671->15670 15681 2b37db 15671->15681 15673 2b38a9 15672->15673 15677 2c4650 26 API calls 15673->15677 15678 2c4650 26 API calls 15675->15678 15676 2c0bbe __ehhandler$___std_fs_change_permissions@12 5 API calls 15679 2b389b 15676->15679 15677->15675 15680 2b38b3 15678->15680 15679->15080 15681->15673 15681->15682 15682->15676 15684 2b7eba GetTokenInformation 15683->15684 15685 2b7f73 GetLastError 15683->15685 15960 2c0ce3 15684->15960 15686 2b7da0 27 API calls 15685->15686 15688 2b7f87 15686->15688 15692 2c203a __CxxThrowException@8 RaiseException 15688->15692 15691 2b7f95 GetLastError 15695 2b7da0 27 API calls 15691->15695 15692->15691 15694 2b7fb7 GetLastError 15698 2b7da0 27 API calls 15694->15698 15697 2b7fa9 15695->15697 15701 2c203a __CxxThrowException@8 RaiseException 15697->15701 15699 2b7fcb 15698->15699 15702 2c203a __CxxThrowException@8 RaiseException 15699->15702 15701->15694 15704 2b7fd9 15702->15704 15707 2b80bf GetCurrentProcess 15706->15707 15708 2b80ae 15706->15708 15711 2b80e0 15707->15711 15709 2c0bbe __ehhandler$___std_fs_change_permissions@12 5 API calls 15708->15709 15710 2b80bb 15709->15710 15710->15086 15712 2b8101 GetLastError 15711->15712 15713 2b80e6 15711->15713 15715 2b7da0 27 API calls 15712->15715 15714 2c0bbe __ehhandler$___std_fs_change_permissions@12 5 API calls 15713->15714 15716 2b80fd 15714->15716 15717 2b8115 15715->15717 15716->15086 15718 2c203a __CxxThrowException@8 RaiseException 15717->15718 15719 2b8123 15718->15719 15721 2c0bbe __ehhandler$___std_fs_change_permissions@12 5 API calls 15720->15721 15722 2b3b68 CreateMutexW 15721->15722 15722->15099 15722->15100 15961 2bb0e0 15723->15961 15789 2b11c2 SetForegroundWindow 15788->15789 15790 2b11cd 15788->15790 15789->15790 15790->15101 15790->15125 15886 2b4009 
15885->15886 15888 2b4013 15885->15888 17029 2c4f49 15886->17029 15888->15179 15890 2c5090 26 API calls 15889->15890 15891 2b4813 15890->15891 15891->15211 15893 2b4188 15892->15893 15894 2b41a6 15892->15894 15893->15894 15895 2b4199 Sleep 15893->15895 15894->15146 15895->15893 15895->15894 15917 2b2d47 15916->15917 15921 2b2be0 15916->15921 15943 2b3c00 15917->15943 15920 2b2c1a 15933 2c0bcf 15920->15933 15921->15920 15923 2b2c4e 15921->15923 15924 2c0bcf 22 API calls 15923->15924 15926 2b2c38 15923->15926 15924->15926 15925 2c4650 26 API calls 15925->15917 15926->15925 15926->15926 15927 2b2d15 15926->15927 15927->15666 15929 2c05bd 45 API calls 15928->15929 15930 2b3c1a 15929->15930 15931 2c0bcf 22 API calls 15930->15931 15932 2b3c4e 15931->15932 15932->15669 15936 2c0bd4 15933->15936 15934 2c5196 ___std_exception_copy 21 API calls 15934->15936 15935 2c0bee 15935->15926 15936->15934 15936->15935 15937 2c7f33 _unexpected 7 API calls 15936->15937 15939 2c0bf0 15936->15939 15937->15936 15938 2c151f 15940 2c203a __CxxThrowException@8 RaiseException 15938->15940 15939->15938 15942 2c203a __CxxThrowException@8 RaiseException 15939->15942 15941 2c153c 15940->15941 15942->15938 15944 2c059d std::_Xinvalid_argument 28 API calls 15943->15944 15945 2b3c0a 15944->15945 15950 2c05bd 15945->15950 15957 2c054b 15950->15957 15953 2c203a __CxxThrowException@8 RaiseException 15954 2c05dc 15953->15954 15955 2b7ae6 ___delayLoadHelper2@8 17 API calls 15954->15955 15956 2c05f4 15955->15956 15958 2c0493 std::exception::exception 27 API calls 15957->15958 15959 2c055d 15958->15959 15959->15953 16046 2bb780 15961->16046 15964 2bb12c 15971 2bb780 39 API calls 15964->15971 15965 2bb741 16271 2b9da0 15965->16271 15967 2bb74b 15968 2b9da0 RaiseException 15967->15968 15969 2bb755 15968->15969 15970 2b9da0 RaiseException 15969->15970 15972 2bb75f 15970->15972 15973 2bb152 15971->15973 15975 2b9da0 RaiseException 15972->15975 15973->15967 15974 2bb15c 15973->15974 15980 2bb780 39 API calls 
15974->15980 15976 2bb769 15975->15976 15977 2b9da0 RaiseException 15976->15977 15978 2bb773 15977->15978 15979 2c4650 26 API calls 15978->15979 15981 2bb778 15979->15981 15982 2bb182 15980->15982 15983 2c4650 26 API calls 15981->15983 15982->15969 15984 2bb18c 15982->15984 15985 2bb77d 15983->15985 15986 2bb780 39 API calls 15984->15986 15987 2bb1b2 15986->15987 15987->15972 15988 2bb1bc 15987->15988 16061 2b9530 15988->16061 15990 2bb1f2 15991 2bb780 39 API calls 15990->15991 15992 2bb20a 15991->15992 15992->15976 15993 2bb214 15992->15993 16132 2b8dc0 15993->16132 15995 2bb24f 16150 2b9450 CryptCreateHash 15995->16150 15998 2b8dc0 35 API calls 15999 2bb287 15998->15999 16000 2b9450 31 API calls 15999->16000 16001 2bb2a5 16000->16001 16161 2bc500 16001->16161 16047 2bb7b1 16046->16047 16058 2bb79d 16046->16058 16275 2c0aca EnterCriticalSection 16047->16275 16049 2bb7bb 16051 2bb7c7 GetProcessHeap 16049->16051 16049->16058 16050 2c0aca 5 API calls 16052 2bb81b 16050->16052 16280 2c0f59 16051->16280 16055 2c0f59 29 API calls 16052->16055 16060 2bb122 16052->16060 16057 2bb874 16055->16057 16059 2c0a80 4 API calls 16057->16059 16058->16050 16058->16060 16059->16060 16060->15964 16060->15965 16062 2bb780 39 API calls 16061->16062 16063 2b9566 16062->16063 16064 2b981a 16063->16064 16065 2b9571 16063->16065 16066 2b9da0 RaiseException 16064->16066 16071 2bb780 39 API calls 16065->16071 16067 2b9824 16066->16067 16068 2b9da0 RaiseException 16067->16068 16069 2b982e 16068->16069 16070 2b9da0 RaiseException 16069->16070 16072 2b9838 16070->16072 16073 2b9595 16071->16073 16074 2b9da0 RaiseException 16072->16074 16073->16067 16075 2b95a0 16073->16075 16076 2b9842 16074->16076 16081 2bb780 39 API calls 16075->16081 16077 2b9da0 RaiseException 16076->16077 16078 2b984c 16077->16078 16079 2b9da0 RaiseException 16078->16079 16080 2b9856 16079->16080 16082 2b9da0 RaiseException 16080->16082 16083 2b95c4 16081->16083 16084 2b9860 16082->16084 16083->16069 16085 2b95cf 
APIs
• InterlockedExchange.KERNEL32(?,00000103), ref: 002B548F
  • Part of subcall function 002B7FE0: GetVersionExW.KERNEL32(?), ref: 002B8004
• GetCurrentProcess.KERNEL32 ref: 002B54D6
  • Part of subcall function 002B7E70: OpenProcessToken.ADVAPI32(T+,00000008,?,5EFD1808,?,00000000), ref: 002B7EAC
  • Part of subcall function 002B7E70: GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,002D20C0), ref: 002B7ED9
  • Part of subcall function 002B7E70: GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 002B7F15
  • Part of subcall function 002B7E70: IsValidSid.ADVAPI32 ref: 002B7F22
  • Part of subcall function 002B7E70: GetSidSubAuthorityCount.ADVAPI32 ref: 002B7F31
  • Part of subcall function 002B7E70: GetSidSubAuthority.ADVAPI32(?,?), ref: 002B7F3D
  • Part of subcall function 002B7E70: CloseHandle.KERNELBASE(00000000), ref: 002B7F4F
• InterlockedExchange.KERNEL32(?,0000052F), ref: 002B54FC
• InterlockedExchange.KERNEL32(?,00000000), ref: 002B550A
• InterlockedExchange.KERNEL32(?,000000C1), ref: 002B5593
• InterlockedExchange.KERNEL32(?,00000000), ref: 002B55A2
• CreateMutexW.KERNELBASE(00000000,00000001,00000000), ref: 002B55D9
• GetLastError.KERNEL32 ref: 002B55E9
• InterlockedExchange.KERNEL32(?,00000420), ref: 002B5602
• CloseHandle.KERNEL32(?), ref: 002B75E3
• CloseHandle.KERNEL32(?), ref: 002B75F4
• CloseHandle.KERNEL32(?), ref: 002B7605
• _wcsrchr.LIBVCRUNTIME ref: 002B76A1
• _wcsrchr.LIBVCRUNTIME ref: 002B76B3
• CreateHardLinkW.KERNEL32(?,00000000,00000000), ref: 002B76EF
• CopyFileW.KERNEL32(00000000,?,00000000), ref: 002B7707
• ReleaseMutex.KERNEL32(?), ref: 002B7718
• CloseHandle.KERNEL32(?), ref: 002B771F
• ___delayLoadHelper2@8.DELAYIMP ref: 002B7817
  • Part of subcall function 002B3B70: #17.COMCTL32 ref: 002B3B84
  • Part of subcall function 002B3B70: LoadStringW.USER32(002B0000,000003E9,?,00000000), ref: 002B3BA1
  • Part of subcall function 002B3B70: LoadStringW.USER32(002B0000,?,?,00000000), ref: 002B3BBA
  • Part of subcall function 002B3B70: MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 002B3BCF
Strings
Memory Dump Source
• Source File: 00000007.00000002.2905411602.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true
• Associated: 00000007.00000002.2905100287.00000000002B0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000007.00000002.2905995276.00000000002DE000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000007.00000002.2906208442.00000000002E1000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_2b0000_avg_antivirus_free_setup.jbxd
Similarity
• API ID: ExchangeInterlocked$CloseHandle$LoadToken$AuthorityCreateInformationMutexProcessString_wcsrchr$CopyCountCurrentErrorFileHardHelper2@8LastLinkMessageOpenReleaseValidVersion___delay
• String ID: $ /cookie:$ /edat_dir:$ /ga_clientid:$ /sub_edition:$%s\%s$/cookie$/cust_ini$/ppi_icd$/silent$/smbupd$AuthorizationType$Avast One$D$Enabled$Password$Port$Properties$ProxySettings$ProxyType$User$User-Agent: avast! Antivirus (instup)$X>-$allow_fallback$avcfg://settings/Common/VersionSwitch$count$enable$http://$https://$installer.exe$mirror$server0$servers$stable$urlpgm${versionSwitch}
• API String ID: 1722064709-541142356
• Opcode ID: 591d38ae44afc06a9fd89a3076573fbeec65620ab240c82af211d7c8d8cabff4
• Instruction ID: bf9a79d591de7f5e31b0ccd02ea95bf7959dc19abda3dbb833ad8472eda94807
• Opcode Fuzzy Hash: 591d38ae44afc06a9fd89a3076573fbeec65620ab240c82af211d7c8d8cabff4
• Instruction Fuzzy Hash: 9E238B71E212299AEF20DF64CC49BEEB7B8AF45344F1041DAE509A7182DB70AF94CF51

Control-flow Graph (first block 2bbb70-2bbbdd; legend: Executed, Not Executed)
APIs
• GetVersion.KERNEL32(5EFD1808,00000000,00000000), ref: 002BBBCD
• GetModuleHandleW.KERNEL32(kernel32.dll,GetSystemFirmwareTable), ref: 002BBC00
• GetProcAddress.KERNEL32(00000000), ref: 002BBC07
• GetSystemFirmwareTable.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 002BBC26
• GetSystemFirmwareTable.KERNELBASE ref: 002BBCB9
• GetModuleHandleW.KERNEL32(ntdll.dll,NtOpenSection), ref: 002BBD1B
• GetProcAddress.KERNEL32(00000000), ref: 002BBD22
• MapViewOfFile.KERNEL32(00000000,00000004,00000000,000F0000,00010000), ref: 002BBD88
• UnmapViewOfFile.KERNEL32(00000000), ref: 002BBE31
• MapViewOfFile.KERNEL32(00000000,00000004,00000000,?,?), ref: 002BBE5A
• UnmapViewOfFile.KERNEL32(00000000), ref: 002BBECA
• CloseHandle.KERNEL32(00000000), ref: 002BBF30
• UnmapViewOfFile.KERNEL32(00000000), ref: 002BC466
Strings
Memory Dump Source
• Source File: 00000007.00000002.2905411602.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true
• Associated: 00000007.00000002.2905100287.00000000002B0000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
• Associated: 00000007.00000002.2905995276.00000000002DE000.00000004.00000001.01000000.0000000E.sdmp
• Associated: 00000007.00000002.2906208442.00000000002E1000.00000002.00000001.01000000.0000000E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_2b0000_avg_antivirus_free_setup.jbxd
Similarity
• API ID: FileView$HandleUnmap$AddressFirmwareModuleProcSystemTable$CloseVersion
• String ID: ,$@$GetSystemFirmwareTable$LK-$NtOpenSection$W$_DMI$_SM_$kernel32.dll$ntdll.dll
• API String ID: 26960555-738426256
• Opcode ID: 810575c39fb9394fee471d9dbbc845a474c823ad46840b2a7357add9268af095
• Instruction ID: 87929121ba0880d770fa2d8dcaf758cb850054108628945c25460ee0f0e4c064
• Opcode Fuzzy Hash: 810575c39fb9394fee471d9dbbc845a474c823ad46840b2a7357add9268af095
• Instruction Fuzzy Hash: 9552CD71E102199FDB11CFA8CC55BEEBBB9AF48354F284119E944AB341D770AD62CF90

Control-flow Graph (first block 2ba100-2ba148; legend: Executed, Not Executed)
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetVersion.KERNEL32 ref: 002BA180
                                                                                                                                                                                                            • CreateFileW.KERNELBASE(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 002BA1A9
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 002BA1B9
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 002BA468
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000007.00000002.2905411602.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905100287.00000000002B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905995276.00000000002DE000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2906208442.00000000002E1000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_2b0000_avg_antivirus_free_setup.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseCreateErrorFileHandleLastVersion
                                                                                                                                                                                                            • String ID: DV+$SCSIDISK$\\.\PhysicalDrive%u$\\.\Scsi%u:
                                                                                                                                                                                                            • API String ID: 1515857667-3715843878
                                                                                                                                                                                                            • Opcode ID: 497c64b4d2f862b9d1a0424133d240488ec0c016e84fc005fc8159d2be2fc2e3
                                                                                                                                                                                                            • Instruction ID: 42426df62600e557295acf56c672f96acb066144d6df0380cb730433cb8b5618
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 497c64b4d2f862b9d1a0424133d240488ec0c016e84fc005fc8159d2be2fc2e3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2AC19E70E212199FDB04DFA8D889AEDBBB5FF48350F14815AE805AB341DB71AD11CFA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CryptGenRandom.ADVAPI32(00000008,002B9209,5EFD1808,?,002B9209,0000800C,?,?,002DB144,00000000,?,?,?,?,002D2269,000000FF), ref: 002B92A8
                                                                                                                                                                                                            • GetLastError.KERNEL32(Unable to generate random number!,?,002B9209,0000800C,?,?,002DB144,00000000,?,?,?,?,002D2269,000000FF), ref: 002B9320
                                                                                                                                                                                                              • Part of subcall function 002B7DA0: ___std_exception_copy.LIBVCRUNTIME ref: 002B7DD8
                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 002B9338
                                                                                                                                                                                                              • Part of subcall function 002C203A: RaiseException.KERNEL32(?,?,002B8071,?,?,?,?,?,?,?,?,002B8071,?,002DB144,00000000), ref: 002C209A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000007.00000002.2905411602.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905100287.00000000002B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905995276.00000000002DE000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2906208442.00000000002E1000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_2b0000_avg_antivirus_free_setup.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CryptErrorExceptionException@8LastRaiseRandomThrow___std_exception_copy
                                                                                                                                                                                                            • String ID: Unable to generate random number!$-
                                                                                                                                                                                                            • API String ID: 4207938790-1432537653
                                                                                                                                                                                                            • Opcode ID: 42fdfc3e090d3012ab0d8e61cf8424ed453928b70b00d8ebd4b124712d0db2ab
                                                                                                                                                                                                            • Instruction ID: 367286c4b02f24a1c99c9177dc9718d77396efeb1f9125322c13b82d5e70bc5e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 42fdfc3e090d3012ab0d8e61cf8424ed453928b70b00d8ebd4b124712d0db2ab
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E821BD70E11249DBCB10EFA4D856FED77B8FB05710F10072AFA11AB2C0DB306DA08A51
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 002BB780: GetProcessHeap.KERNEL32(DV+), ref: 002BB7DC
                                                                                                                                                                                                              • Part of subcall function 002B8DC0: lstrcatA.KERNEL32(?, (Prototype),?,5EFD1808,?), ref: 002B8E56
                                                                                                                                                                                                              • Part of subcall function 002B8DC0: CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,5EFD1808,?), ref: 002B8E6D
                                                                                                                                                                                                              • Part of subcall function 002B8DC0: CryptReleaseContext.ADVAPI32(00000000,00000000,?,5EFD1808,?), ref: 002B8E85
                                                                                                                                                                                                              • Part of subcall function 002B9450: CryptCreateHash.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,002B8378,0000800C,5EFD1808,?), ref: 002B9470
                                                                                                                                                                                                              • Part of subcall function 002B9450: CryptDestroyHash.ADVAPI32(?,00000000), ref: 002B9489
                                                                                                                                                                                                              • Part of subcall function 002B8DC0: GetLastError.KERNEL32(Unable to acquire cryptographic provider!,?,5EFD1808,?), ref: 002B8EAC
                                                                                                                                                                                                              • Part of subcall function 002B8DC0: __CxxThrowException@8.LIBVCRUNTIME ref: 002B8ECA
                                                                                                                                                                                                              • Part of subcall function 002B8DC0: CryptReleaseContext.ADVAPI32(00000000,00000000,?,002DB144,00000000,?,5EFD1808,?), ref: 002B8ED9
                                                                                                                                                                                                              • Part of subcall function 002B9450: GetLastError.KERNEL32(Unable to create hash context!), ref: 002B94A4
                                                                                                                                                                                                              • Part of subcall function 002B9450: __CxxThrowException@8.LIBVCRUNTIME ref: 002B94BC
                                                                                                                                                                                                              • Part of subcall function 002BC500: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 002BC5FD
                                                                                                                                                                                                              • Part of subcall function 002BC500: GetLastError.KERNEL32(?,?,?,?,002D2548), ref: 002BC607
                                                                                                                                                                                                              • Part of subcall function 002B9340: CryptGetHashParam.ADVAPI32(?,00000004,0000800C,002B8744,00000000,5EFD1808,?,?,?,00000000), ref: 002B9395
                                                                                                                                                                                                              • Part of subcall function 002B9340: CryptGetHashParam.ADVAPI32(?,00000002,00000000,0000800C,00000000,0000800C,00000000,?), ref: 002B93DC
                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00008003), ref: 002BB5EF
                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00008003), ref: 002BB623
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000007.00000002.2905411602.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905100287.00000000002B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905995276.00000000002DE000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2906208442.00000000002E1000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_2b0000_avg_antivirus_free_setup.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Crypt$Hash$ContextDestroyErrorLast$Exception@8ParamReleaseThrow$AcquireCreateDirectoryHeapProcessSystemlstrcat
                                                                                                                                                                                                            • String ID: DV+
                                                                                                                                                                                                            • API String ID: 2781682779-3364880284
                                                                                                                                                                                                            • Opcode ID: bfce9ea11543b6edb279b44bb6c43b366873ac44a4a1160a840c30481b97bd6c
                                                                                                                                                                                                            • Instruction ID: 48e50b335d8c02ff56db89929f377f762318f43dee9b741654b245d9682069b9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: bfce9ea11543b6edb279b44bb6c43b366873ac44a4a1160a840c30481b97bd6c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 94129D35D112688FDB22DB68CC44BDDBBB5AF45314F1482DAD909A7382DB70AE84CF91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000,?,?,?,00000000,00000004,?,002B8744,0000800C,5EFD1808,?), ref: 002B83CB
                                                                                                                                                                                                              • Part of subcall function 002B9020: CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?,5EFD1808,?,?,002B8744,?,?,?,?,002D2269,000000FF), ref: 002B9088
                                                                                                                                                                                                              • Part of subcall function 002B9020: CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,002D2269,000000FF), ref: 002B90A4
                                                                                                                                                                                                              • Part of subcall function 002B9020: CryptHashData.ADVAPI32(?,?,5EFD1808,00000000,?,?,?,?,002D2269,000000FF), ref: 002B90BB
                                                                                                                                                                                                              • Part of subcall function 002B9020: CryptGetHashParam.ADVAPI32(00000000,00000004,?,?,00000000,?,?,?,?,002D2269,000000FF), ref: 002B90E4
                                                                                                                                                                                                              • Part of subcall function 002B9020: CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000,?,?,?,?,?,002D2269,000000FF), ref: 002B9128
                                                                                                                                                                                                              • Part of subcall function 002B9020: CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,002D2269,000000FF), ref: 002B913E
                                                                                                                                                                                                              • Part of subcall function 002B9020: CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,002D2269,000000FF), ref: 002B914E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000007.00000002.2905411602.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905100287.00000000002B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905995276.00000000002DE000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2906208442.00000000002E1000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_2b0000_avg_antivirus_free_setup.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Crypt$Hash$Destroy$Param$ContextCreateDataRelease
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2857581251-0
                                                                                                                                                                                                            • Opcode ID: 6cf9195e914234e5cd68f8b0c2d272dc8aaeb5ae25487e6e4ad54e5ab2a5f96f
                                                                                                                                                                                                            • Instruction ID: 21a84f1624f094db72fa88ca796d72ddc619af0c4819f00acb2595c7afd60607
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6cf9195e914234e5cd68f8b0c2d272dc8aaeb5ae25487e6e4ad54e5ab2a5f96f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46310BB1D1020EABDB00DF94C886BEFBBB8EF55754F104159E905A3281DB74AA54CBA0

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?), ref: 002B41D4
                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002B41ED
                                                                                                                                                                                                            • GetVersionExA.KERNEL32(0000009C,?,?,00989680,00000000), ref: 002B4217
                                                                                                                                                                                                            • GetNativeSystemInfo.KERNELBASE(?), ref: 002B422E
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 002B42DC
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 002B42FF
                                                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 002B4316
                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 002B436E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000007.00000002.2905411602.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905100287.00000000002B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905995276.00000000002DE000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2906208442.00000000002E1000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_2b0000_avg_antivirus_free_setup.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: SystemTimewsprintf$FileInfoNativeUnothrow_t@std@@@Version__ehfuncinfo$??2@lstrcatlstrlen
                                                                                                                                                                                                            • String ID: status=%08lxstatus_microstub=%08lx%08lx$AMD64$cookie=%lsedition=%ldevent=%smidex=%lsstat_session=%lsstatsSendTime=%I64dos=win,%d,%d,%d,%d,%d,%s%sexe_version=%lsSfxVersion=%ls$microstub$srv$x:-$8-$:-
                                                                                                                                                                                                            • API String ID: 2179732243-1027479093
                                                                                                                                                                                                            • Opcode ID: 932a67fdf1633f1318dde37faf44bb2ccb73dcd606174cb7749ad4ef7ac646f8
                                                                                                                                                                                                            • Instruction ID: 4f8dd74ce509f382143d6ff8da523acbe7622b82a9c2b51192a300f4aa9d6ab3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 932a67fdf1633f1318dde37faf44bb2ccb73dcd606174cb7749ad4ef7ac646f8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C5140B1E012189FCF60DF64DC84B9ABBB9EF48305F0041EAEA08A6251DB719E94DF55

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000), ref: 002B1029
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 002B1034
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 002B1044
                                                                                                                                                                                                            • SetDllDirectoryW.KERNEL32(002D35D4), ref: 002B1068
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(ntdll.dll), ref: 002B1073
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,LdrEnumerateLoadedModules), ref: 002B1083
                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 002B10A4
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 002B10C0
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 002B10E4
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 002B10F0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000007.00000002.2905411602.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905100287.00000000002B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905995276.00000000002DE000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2906208442.00000000002E1000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_2b0000_avg_antivirus_free_setup.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExitProcess$AddressHandleModuleProc$DirectoryFeatureHeapInformationPresentProcessor
                                                                                                                                                                                                            • String ID: LdrEnumerateLoadedModules$SetDefaultDllDirectories$kernel32.dll$ntdll.dll
                                                                                                                                                                                                            • API String ID: 1484830609-1451921263
                                                                                                                                                                                                            • Opcode ID: 4e9e6c95a784b8686b5333fbc807039d3d8c67b74b4d81a087e65949c3aa279a
                                                                                                                                                                                                            • Instruction ID: 7e9454110283343482bf84fb78cbc1cd3fa4ae68fc23ca4a5adc57d930f1e6fa
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e9e6c95a784b8686b5333fbc807039d3d8c67b74b4d81a087e65949c3aa279a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69112170FA2312B7D630BB71FC1FB492B589B15B92F504522F909F51D0DE60CE608A97

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            control_flow_graph 1092 2b38c0-2b38f1 CreateFileMappingW 1093 2b38f3-2b38fb GetLastError 1092->1093 1094 2b3900-2b3914 MapViewOfFile 1092->1094 1095 2b3996-2b39b1 SetLastError call 2c0bbe 1093->1095 1096 2b3920-2b392d FindResourceW 1094->1096 1097 2b3916-2b391e GetLastError 1094->1097 1100 2b397f-2b3985 GetLastError 1096->1100 1101 2b392f-2b3939 LoadResource 1096->1101 1099 2b398e-2b3995 CloseHandle 1097->1099 1099->1095 1104 2b3987-2b3988 UnmapViewOfFile 1100->1104 1101->1100 1103 2b393b-2b3953 call 2c0602 1101->1103 1103->1100 1107 2b3955-2b397d wsprintfW 1103->1107 1104->1099 1107->1104
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileMappingW.KERNELBASE(?,00000000,01000002,00000000,00000000,00000000,?), ref: 002B38E7
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 002B38F3
                                                                                                                                                                                                            • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?), ref: 002B390A
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 002B3916
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 002B398F
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 002B3997
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000007.00000002.2905411602.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905100287.00000000002B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905995276.00000000002DE000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2906208442.00000000002E1000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_2b0000_avg_antivirus_free_setup.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$File$CloseCreateHandleMappingView
                                                                                                                                                                                                            • String ID: %d.%d.%d.%d
                                                                                                                                                                                                            • API String ID: 1867540158-3491811756
                                                                                                                                                                                                            • Opcode ID: 4a2600e7dd6d6c6f7b76b5bf099c741ccda72c6d215432bfd6a8930c71d373ad
                                                                                                                                                                                                            • Instruction ID: 05804af064b94b1d2ffb3c40be631c651b43cff65cdfca81e9ae1e12f127a30b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a2600e7dd6d6c6f7b76b5bf099c741ccda72c6d215432bfd6a8930c71d373ad
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4521BF71A11215BBD720DF65EC4DFBBBB68EF09B91F10415AF90AE6280DAB0CE10C661

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            control_flow_graph 1108 2b3190-2b31b9 GetWindowsDirectoryW 1109 2b31bf-2b31c2 1108->1109 1110 2b3240-2b3246 GetLastError 1108->1110 1109->1110 1112 2b31c4-2b31e1 call 2b9250 ConvertStringSecurityDescriptorToSecurityDescriptorA 1109->1112 1111 2b3248-2b324d 1110->1111 1113 2b324f-2b3250 LocalFree 1111->1113 1114 2b3256-2b3272 SetLastError call 2c0bbe 1111->1114 1112->1110 1118 2b31e3-2b3217 wsprintfW CreateDirectoryW 1112->1118 1113->1114 1118->1111 1120 2b3219-2b323e wsprintfW CreateDirectoryW 1118->1120 1120->1110 1120->1111
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(?,00000020,?,?,?), ref: 002B31B1
                                                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU),00000001,?,00000000), ref: 002B31DA
                                                                                                                                                                                                            • wsprintfW.USER32 ref: 002B3201
                                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(?,?), ref: 002B320F
                                                                                                                                                                                                            • wsprintfW.USER32 ref: 002B3228
                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,?), ref: 002B3236
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 002B3240
                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?), ref: 002B3250
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,?), ref: 002B3257
                                                                                                                                                                                                              • Part of subcall function 002B9250: CryptGenRandom.ADVAPI32(00000008,002B9209,5EFD1808,?,002B9209,0000800C,?,?,002DB144,00000000,?,?,?,?,002D2269,000000FF), ref: 002B92A8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • %s\Temp\asw.%08x%08x, xrefs: 002B31F1
                                                                                                                                                                                                            • D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU), xrefs: 002B31D5
                                                                                                                                                                                                            • %c:\asw.%08x%08x, xrefs: 002B3222
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000007.00000002.2905411602.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905100287.00000000002B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905995276.00000000002DE000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2906208442.00000000002E1000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_2b0000_avg_antivirus_free_setup.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Directory$CreateDescriptorErrorLastSecuritywsprintf$ConvertCryptFreeLocalRandomStringWindows
                                                                                                                                                                                                            • String ID: %c:\asw.%08x%08x$%s\Temp\asw.%08x%08x$D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU)
                                                                                                                                                                                                            • API String ID: 1345463893-1526440225
                                                                                                                                                                                                            • Opcode ID: 3b5443495dc60e0a7d71bc2ffbfb357e7fb772997605014ef5dd393cb5a9a17c
                                                                                                                                                                                                            • Instruction ID: d7414fbbb7e442bf24f4666a4696edd88748b5e073c7bea99a05ee305548bf2d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b5443495dc60e0a7d71bc2ffbfb357e7fb772997605014ef5dd393cb5a9a17c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C213DB1E11209ABDB10DFE4DD89EEEBBBCEF45B51F040126F905E6240D7309E558B62

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            control_flow_graph 1418 2b4020-2b403d 1419 2b403f-2b4055 wsprintfA 1418->1419 1420 2b4057-2b405b 1418->1420 1421 2b4090-2b413f call 2b3b30 wsprintfA lstrlenA call 2b27b0 1419->1421 1422 2b405d-2b4075 wsprintfA 1420->1422 1423 2b4077-2b408d wsprintfA 1420->1423 1427 2b4144-2b415f call 2c0bbe 1421->1427 1422->1421 1423->1421
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • v=1&tid=%ls&cid=%ls&aiid=%ls&an=Free&cd3=Online%s, xrefs: 002B40B0
                                                                                                                                                                                                            • &t=screenview&cd=%s, xrefs: 002B4046
                                                                                                                                                                                                            • &t=event&ec=microstub&ea=error&el=%08lx%08lx, xrefs: 002B4081
                                                                                                                                                                                                            • &t=event&ec=microstub&ea=ok&el=%08lx, xrefs: 002B4066
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000007.00000002.2905411602.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905100287.00000000002B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905995276.00000000002DE000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2906208442.00000000002E1000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_2b0000_avg_antivirus_free_setup.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: wsprintf$lstrlen
                                                                                                                                                                                                            • String ID: &t=event&ec=microstub&ea=error&el=%08lx%08lx$&t=event&ec=microstub&ea=ok&el=%08lx$&t=screenview&cd=%s$v=1&tid=%ls&cid=%ls&aiid=%ls&an=Free&cd3=Online%s
                                                                                                                                                                                                            • API String ID: 217384638-4207265834
                                                                                                                                                                                                            • Opcode ID: 71968d8edd363785dee0029db7e85c00a691a62e30ad2aa098e5b759184a9367
                                                                                                                                                                                                            • Instruction ID: 7b5bc692adb5cc639b51f2270d9873d4717f74eeda76e0a3765aa8370f6ac05c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71968d8edd363785dee0029db7e85c00a691a62e30ad2aa098e5b759184a9367
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F23143B1D10219ABCB20DF64DC49BDAB7B8FF05314F00459AA649E3241EB709FA4CF96

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            control_flow_graph 1430 2b39c0-2b39f9 FindResourceW 1431 2b3abf-2b3ad1 call 2c0bbe 1430->1431 1432 2b39ff-2b3a0b LoadResource 1430->1432 1432->1431 1434 2b3a11-2b3a2d call 2c0602 1432->1434 1434->1431 1438 2b3a33-2b3a5d wsprintfW 1434->1438 1439 2b3a5f-2b3a6d call 2c0602 1438->1439 1440 2b3a83-2b3a85 1438->1440 1444 2b3a72-2b3a74 1439->1444 1442 2b3aac-2b3abe call 2c0bbe 1440->1442 1443 2b3a87-2b3a9c call 2c0602 1440->1443 1443->1442 1451 2b3a9e-2b3aa9 call 2c42f6 1443->1451 1444->1440 1447 2b3a76-2b3a81 call 2c4efa 1444->1447 1447->1440 1451->1442
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FindResourceW.KERNEL32(002B0000,00000001,00000010), ref: 002B39F1
                                                                                                                                                                                                            • LoadResource.KERNEL32(002B0000,00000000), ref: 002B3A01
                                                                                                                                                                                                            • wsprintfW.USER32 ref: 002B3A52
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • \StringFileInfo\040904b0\Edition, xrefs: 002B3A67
                                                                                                                                                                                                            • %d.%d.%d.%d, xrefs: 002B3A4A
                                                                                                                                                                                                            • \StringFileInfo\040904b0\SubEdition, xrefs: 002B3A8F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000007.00000002.2905411602.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905100287.00000000002B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905995276.00000000002DE000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2906208442.00000000002E1000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_2b0000_avg_antivirus_free_setup.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Resource$FindLoadwsprintf
                                                                                                                                                                                                            • String ID: %d.%d.%d.%d$\StringFileInfo\040904b0\Edition$\StringFileInfo\040904b0\SubEdition
                                                                                                                                                                                                            • API String ID: 1667977947-3794282237
                                                                                                                                                                                                            • Opcode ID: 668fa109c06d07e80821cb6a83b8ceb8609b8eeda2f2e1855634cf500cef8a42
                                                                                                                                                                                                            • Instruction ID: a26a7a1542a8a2e90f4ac4e2d6118d2f61a0f79d21bd602a2b8b3e8e6b4e312d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 668fa109c06d07e80821cb6a83b8ceb8609b8eeda2f2e1855634cf500cef8a42
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E4317E72A1011AABDB10DF95DC41FFFB7ACEF49300F24016AF905E6241E631DE258BA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(wintrust.dll,?,?,002DB144,00000000), ref: 002B8136
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext2), ref: 002B8149
                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000,?,?,002DB144,00000000), ref: 002B8152
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000007.00000002.2905411602.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905100287.00000000002B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905995276.00000000002DE000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2906208442.00000000002E1000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_2b0000_avg_antivirus_free_setup.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                            • String ID: CryptCATAdminAcquireContext2$wintrust.dll
                                                                                                                                                                                                            • API String ID: 145871493-3385133079
                                                                                                                                                                                                            • Opcode ID: 1573e0dfd20e4689724d72b9e5151accec9fdaf6381847a8767eab9f1e517d9b
                                                                                                                                                                                                            • Instruction ID: 4614bebbb851288a8544620ff403e28ee3959657e7229fc3d57ae170ccea4d72
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1573e0dfd20e4689724d72b9e5151accec9fdaf6381847a8767eab9f1e517d9b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69D05B32A1162277465027ACBC0D98B5B689DC2F613190157F409922148A348C929551
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000003,00000000,00000010,000000FF,00000000,00000000,?,002BB45F), ref: 002BB99D
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000010,00000000,?,002BB45F), ref: 002BB9D6
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000003,00000000,00000010,000000FF,00000000,00000000,00000000,00000000,?,002BB45F), ref: 002BBA89
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000003,00000000,00000010,000000FF,002BB45F,00000000,00000000,00000000,?,002BB45F), ref: 002BBAC7
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000007.00000002.2905411602.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905100287.00000000002B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905995276.00000000002DE000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2906208442.00000000002E1000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_2b0000_avg_antivirus_free_setup.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 626452242-0
                                                                                                                                                                                                            • Opcode ID: 025c5c27834a8e4bb3d95c34df5719a0a99c172b8f894ce914f35420ef885aaf
                                                                                                                                                                                                            • Instruction ID: b215e5c27923aa30c22d86dd79a73224b28527896b4905b13a0abafd25b007da
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 025c5c27834a8e4bb3d95c34df5719a0a99c172b8f894ce914f35420ef885aaf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C91E231A11206DFDB11CF68D888BADBBB5FF85354F24415AE915AB390CBB1AE11CF90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,002C8B5A,00000001,00000364,?,002C2AA0,?,?,?,?,?,002B7DDD,?), ref: 002CA2B3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000007.00000002.2905411602.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905100287.00000000002B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905729114.00000000002D3000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2905995276.00000000002DE000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            • Associated: 00000007.00000002.2906208442.00000000002E1000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_2b0000_avg_antivirus_free_setup.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                            • Opcode ID: a4c8942ef704ad50d23fe859b9d8627d1c731bad8f1edf7d4b26c9ed2f2df76b
                                                                                                                                                                                                            • Instruction ID: d2112d1aeee5f8ada08921d38c60881d78e834edf15181ba6138aac6dfb94603
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a4c8942ef704ad50d23fe859b9d8627d1c731bad8f1edf7d4b26c9ed2f2df76b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9EF0503153553D57DB315E36AC04F5A3749AF41764B18832DFC05D6144DA62DC2085E3